Applicable to:
- Plesk for Linux
Symptoms
-
The load to the website is highly increased;
-
Many requests came from the specific IP address according to the report at the Plesk > Domains > example.com > Logs page.
-
The accessed files from logs coincide with the most files from the this list:
/DOMEN.sql.zip
/NAME_DOMEN.sql.zip
/backup.sql.zip
/database.sql.zip
/main.sql
/main.sql.gz
/main.sql.zip
/shop.sql.gz
/shop.sql.zip
/sql.sql.zip
/www.sql
/www.sql.gz
/www.sql.zip
/wwwroot.sql.gz
/dbdump.sql.zip
/dbdump.sql.rar
/dbdump.sql.tar
/dbdump.bak
/uploads.7z
/uploads.tar.gz
/uploads.bz2
/uploads.bak
/upload.zip
/upload.gz
/test.sql
/test.tar
/test.tar.bz2
/test.tgz
/test.bck
/test.bz2
/test.bak
/security.sql
/security.gz
/security.txt
/security.tar.gz
/secret.sql.gz
/password.sql.zip
/password.sql.rar
/password.sql.tar
/password.bck
/password.bz2
/password.bak
/passwords.7z
/passwords.sql
/passwords.rar
/passwords.gz
/passwords.tar.gz
/pass.tar
/pass.txt
/pass.tgz
/pass.gz
/pass.sql.gz
/latest.sql.gz
/latest.sql.zip
/migration.zip
/migration.sql
/migration.rar
/migration.gz
/migration.tar
/migration.txt
/wp.sql.zip
/wp.sql.rar
/wp.sql.tar
/wp.bck
/wp.bz2
/wp.bak
/wordpress.7z
/wordpress.zip
/wordpress.sql
/wordpress.txt
/wordpress.sql.zip
/wordpress.sql.tar
/wordpress.bck
/wordpress.bz2
/wordpress.bak
/blog.tar
/blog.sql.zip
/blog.sql.rar
/blog.bck
/blog.bz2
/blog.bak
/backup.7z
/backup.sql
/backup.gz
/backup.tar
/backup.tgz
/db1.tar.bz2
/db1.tgz
/db1.sql.gz
/db1.sql.rar
/backup(1).gz
/backup(1).txt
/backup(1).tar.gz
/backup(1).tar.bz2
/backup(1).tgz
/backup(1).sql.zip
/backup(1).sql.rar
/backup(1).sql.tar
/backup(1).bz2
/hosting.txt
/hosting.tar.gz
/hosting.tar.bz2
/hosting.tgz
/hosting.gz
/hosting.sql.gz
/hosting.sql.rar
/hosting.bz2
/host.sql.gz
/server.sql
/server.tar.gz
/server.gz
/linux.gz
/linux.bak
/adminer.php
//2015/wp-includes/wlwmanifest.xml
//2016/wp-includes/wlwmanifest.xml
//2017/wp-includes/wlwmanifest.xml
//2018/wp-includes/wlwmanifest.xml
//media/wp-includes/wlwmanifest.xml
//news/wp-includes/wlwmanifest.xml
//shop/wp-includes/wlwmanifest.xml
//sito/wp-includes/wlwmanifest.xml
//test/wp-includes/wlwmanifest.xml
//web/wp-includes/wlwmanifest.xml
//website/wp-includes/wlwmanifest.xml
//wp1/wp-includes/wlwmanifest.xml
//wp2/wp-includes/wlwmanifest.xml
/wordpress3/wp-login.php
/shop.sql
/shop.rar
/application.zip
/base.sql
/base.zip
/bd.sql
/download.zip
/orders.sql
/site.rar
/site.tar
/site.tar.gz
/site.tgz
/site.zip
/1.tgz
/archive.tar
/archive.tar.gz
/archive.tgz
/archive.zip
/backup.tgz
/blog.tgz
/dump.rar
/forum.tar
/forum.tar.gz
/forum.tgz
/forum.zip
/public_html.sql
/public_html.tgz
/shop.tar
/shop.tar.gz
/shop.tgz
/shop.zip
/b/bigdump.php
/bdump.php
/big/bigdump.php
/bigdump.php
/bigdump/bigdump.php
/bigdump1.php
/dump/bigdump.php
/mysql/bigdump.php
/sql/bigdump.php
/portal/wp-login.php
/assets/plugins/jquery-file-upload/server/php/index.php/assets/plugins/jquery-file-upload/server/php/index.php
/assets/plugins/jquery-file-upload/server/php/index.php
/assets/jquery-file-upload/server/php/index.php/assets/jquery-file-upload/server/php/index.php
/assets/jquery-file-upload/server/php/index.php
/assets/global/plugins/jquery-file-upload/server/php/index.php/assets/global/plugins/jquery-file-upload/server/php/index.php
/assets/global/plugins/jquery-file-upload/server/php/index.php
/phpformbuilder/plugins/jQuery-File-Upload/server/php/index.php/phpformbuilder/plugins/jQuery-File-Upload/server/php/index.php
/phpformbuilder/plugins/jQuery-File-Upload/server/php/index.php
/elfinder/php/connector.minimal.php
/wpeprivate/config.json
/administrator/components/com_xcloner-backupandrestore/index2.php
/wp-content/plugins/cf7-storage/README.md
/imp/test.php
/horde3/imp/test.php
/horde/imp/test.php
/index.php/admin
/index.php/wp-json/wp/v2/posts?order=asc&per_page=1&offset=0
/index.php/wp-json/wp/v2/posts/?order=asc&per_page=1&offset=0
/backup/bitcoin
/backup/bitcoin/
/bitcoin/
/temp/bitcoin/wallet.dat
/temp/wallet.dat
/wallet/
/.wget-hsts
/.sqlite_history
/.lesshst
/wwwroot.tgz
/wwwroot.tar.xz
/wwwroot.tar.bz2
/wwwroot.sql.zip
/wwwroot.sql.tar.tgz
/wwwroot.sql.tar.gz
/wwwroot.sql.tar
/wwwroot.sql
/wwwroot.gz
/www.tar.xz
/www.tar.tgz
/www.tar.bz2
/www.7z
/web.tar.xz
/web.tar.tgz
/data.7z
/admin.tar.xz
/admin.tar.tgz
/admin.tar.bz2
/NAME_DOMEN.tar.xz
/NAME_DOMEN.tar.tgz
/NAME_DOMEN.tar.bz2
/DOMEN.tar.xz
/DOMEN.tar.tgz
/DOMEN.tar.bz2
/newsite/wp-admin
/blog/wp-config.php.backup
/connectors/system/phpthumb.php
/.idea/WebServers.xml
/.vscode/sftp.json
/bea_wls_deployment_internal
/sites/default/files/.ht.sqlite
/wp-admin/admin-ajax.php?action=mk_file_folder_manager&wpnonce=1589e1018d&cmd=open&target=&init=1&tree=1&=1535229962392
/wp-content/plugins/ultimate-member/assets/js/um-scripts.js
/installer.php
/installer-backup.php
/wallet/wallet.dat
/wallet
/bitcoin/backup/wallet.dat
/hostcmsfiles/main.js
/cms/lang/ru_utf8/css/sbIndex.css
/etm/indy.css
/indy/indy.css
/modules
/mscms/css/main.css
/system.sh
/root.sh
/mysql.sh
/ftp.sh
/files.sh
/connect.sh
/Dockerfile
/build.sh
//dbs.php
//connectors/system/phpthumb.php
/bitcoin
/backup/bitcoin/wallet.dat
/admin/.config.php.swp
/admin/config.php.bak
/blogwp/wp-login.php
/our-blog/wp-login.php
/wb/wp-login.php
/wordp/wp-login.php
/wpress/wp-login.php
/wps/wp-login.php
/administrator/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/administrator/fckeditor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/{dddsite}.tar
/{dddsite}.sql.tar
/{dddsite}.sql.gz
/{dddsite}.sql
/{dddsite}.rar
/{dddsite}.gz
/{dddsite}.bck.sql
/cms/admin
/mscms
/netcat
/static/cartreminder.js
/static/common.css
/phpBB3
/forum.html
/{dddsite}.bck
/{dddsite}.bak.sql
/{dddsite}.bak
/{dddsite}.7z
/db.sql
/DB.tar.gz
/DB.sql.zip
/modules/modules/joomla-resize.php
/core/CHANGELOG.txt
/xmlrpz-sql.php
/wp-datas.php
/wp-pols.php
/gtde.php
/web-cache.php
/pma
/xmlrpc-activate.php
/parameters.php.backup
/config.php.backup
/roots.php
/shell.php
/lfm.php
/ftpsync.settings
/typo3/sysext/backend/Resources/Public/Images/typo3_orange.svg
/misc/drupal.js
/config/grid.editors.config.js
/SiteCore/login/Login.css
/Scf/Gfx/SmartletEditor/switch1.png
/umbraco_client/CodeArea/javascript.js
/ckfinder/ckfinder.html
/assets/ckfinder/ckfinder.html
/administrator.php
/index.php?com=admin
/users/sign_in
/cms
/admin/fckeditor/editor/dialog/fck_about/search.php
/%23config.inc.php%23
/%23config.php%23
/%23configuration.php%23
/%23index.php%23
/%23settings.php%23
/%23wp-config.php%23
/.config.inc.php.swp
/.config.php.swp
/.configuration.php.swp
/.index.php.swp
/.settings.php.swp
/.wp-config.php.swp
/1.sql.bz2
/1.sql.gz
/1.sql.xz
/DEADJOE
/backup.sql.xz
/config.inc.php.bak
/config.inc.php~
/data.sql.bz2
/data.sql.gz
/data.sql.xz
/database.sql.bz2
/database.sql.gz
/database.sql.xz
/db.sql.xz
/db_backup.sql.bz2
/db_backup.sql.gz
/db_backup.sql.xz
/dbdump.sql.bz2
/dbdump.sql.xz
/dump.sql.bz2
/dump.sql.xz
/hapwpnjj.htm
/index.php.bak
/index.php~
/localhost.sql
/localhost.sql.bz2
/localhost.sql.gz
/localhost.sql.xz
/mysql.sql.bz2
/mysql.sql.gz
/mysql.sql.xz
/mysqldump.sql
/mysqldump.sql.bz2
/mysqldump.sql.gz
/mysqldump.sql.xz
/settings.php.bak
/settings.php~
/site.sql.bz2
/site.sql.gz
/site.sql.xz
/sql.sql.bz2
/sql.sql.gz
/sql.sql.xz
/temp.sql.bz2
/temp.sql.gz
/temp.sql.xz
/translate.sql
/translate.sql.bz2
/translate.sql.gz
/translate.sql.xz
/users.sql.bz2
/users.sql.gz
/users.sql.xz
/MySQLDumper1.24.4/msd1.24.4/sql.php
/MySQLDumper1.24.4/sql.php
/MySQLDumper1.24.4stable/sql.php
/admin/sql.php
/admin/sql/sql.php
/backup/sql.php
/backups/sql.php
/datenbank/sql.php
/dump/sql.php
/dumper/sql.php
/myadmin/sql.php
/mysql/sql.php
//wp/wp-admin/setup-config.php
//wordpress/wp-admin/setup-config.php
//new/wp-admin/setup-config.php
//blog/wp-admin/setup-config.php
///wp-admin/setup-config.php
/settings.py~
/settings.py.bak
/hsnkmmrb.htm
/.settings.py.swp
/%23settings.py%23
/wp-includes/wp-tmp.php
/config/database.yml
/filezilla.xml
/sitemanager.xml
/winscp.ini
/ws_ftp.ini
/app/etc/local.xml
/store/js/mage/cookies.js
/modules/mod_simplefileuploadv1.3/elements/udd.php
/pma/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/myadmin/scripts/setup.php
/logo_img.php
/.git/ORIG_HEAD
/.git
/.svn
/.gitconfig
/.config/git/config
/404.php?test=hello
/aipkey.php?test=hello
/bitrix/admin/htmleditor2/aipkey.php?test=hello
/images/aipkey.php?test=hello
/plugins/content/apismtp/apismtp.php?test=hello
/wp-content/plugins/apikey/apikey.php?test=hello
/wp-content/uploads/zgepd_oddsd.php?test=hello
/sites/all/themes/views/views.php?test=hello
/wp-content/uploads/%year%/%month%/zgepd_oddsd.php?test=hello
/admin/config.php.old
/admin/config.php.org
/admin/config.php.save
/admin/config.php_bak
/admin/config.php_old
/admin/config.php~
/admin/includes/.configure.org.php.swp
/admin/includes/.configure.php.swp
/admin/includes/configure.org.php.bak
/admin/includes/configure.org.php.old
/admin/includes/configure.org.php.org
/admin/includes/configure.org.php.save
/admin/includes/configure.org.php_bak
/admin/includes/configure.org.php_old
/admin/includes/configure.org.php~
/admin/includes/configure.php.bak
/admin/includes/configure.php.old
/admin/includes/configure.php.org
/admin/includes/configure.php.save
/admin/includes/configure.php_bak
/admin/includes/configure.php_old
/admin/includes/configure.php~
/app/config/.parameters.php.swp
/app/config/parameters.php.bak
/app/config/parameters.php.old
/app/config/parameters.php.org
/app/config/parameters.php.save
/app/config/parameters.php_bak
/app/config/parameters.php_old
/app/config/parameters.php~
/app/etc/.env.php.swp
/app/etc/.local.xml.swp
/app/etc/env.php.bak
/app/etc/env.php.old
/app/etc/env.php.org
/app/etc/env.php.save
/app/etc/env.php_bak
/app/etc/env.php_old
/app/etc/env.php~
/app/etc/local.xml.bak
/app/etc/local.xml.old
/app/etc/local.xml.org
/app/etc/local.xml.save
/app/etc/local.xml_bak
/app/etc/local.xml_old
/app/etc/local.xml~
/conf/.config.php.swp
/conf/config.php.bak
/conf/config.php.old
/conf/config.php.org
/conf/config.php.save
/conf/config.php_bak
/conf/config.php_old
/conf/config.php~
/config.php.org
/config.php_bak
/config.php_old
/config.php~
/config/.settings.inc.php.swp
/config/settings.inc.php.bak
/config/settings.inc.php.old
/config/settings.inc.php.org
/config/settings.inc.php.save
/config/settings.inc.php_bak
/config/settings.inc.php_old
/config/settings.inc.php~
/includes/.config.JTL-Shop.ini.php.swp
/includes/.configure.org.php.swp
/includes/.configure.php.swp
/includes/config.JTL-Shop.ini.php.bak
/includes/config.JTL-Shop.ini.php.old
/includes/config.JTL-Shop.ini.php.org
/includes/config.JTL-Shop.ini.php.save
/includes/config.JTL-Shop.ini.php_bak
/includes/config.JTL-Shop.ini.php_old
/includes/config.JTL-Shop.ini.php~
/includes/configure.org.php.bak
/includes/configure.org.php.old
/includes/configure.org.php.org
/includes/configure.org.php.save
/includes/configure.org.php_bak
/includes/configure.org.php_old
/includes/configure.org.php~
/includes/configure.php.bak
/includes/configure.php.old
/includes/configure.php.org
/includes/configure.php.save
/includes/configure.php_bak
/includes/configure.php_old
/includes/configure.php~
/wp-config.php.org
/wp-config.php_old
/admin/images/login/elementajanslogofooter.png
/cms.php
/homeLogin.action
/index.php?ctl=article_cate
/member/forgot_password.jspx
/mrtg-l.png
/base/login/login.php
/extmail/cgi/index.cgi
/defaultroot/login.jsp
/?controller=contact
/admin/up.php
/connectors/system/settings.php
/wp-content/plugins/wp-checkout/vendors/uploadify
/wp-content/plugins/viral-optins/api/uploader
/index.php?option=com_jimtawl&view=upload&task=upload&pop=true&tmpl=component
/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
/blog/.git/config
/index.php?option=com_user&view=login%7Cachatsy%7C8Ffjdi46nV
/index.php/component/users?view=login%7Cachatsy%7C8Ffjdi46nV
/upload/dispatch.php
/admin/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/admin/fckeditor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/fck/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/fck/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/fckeditor/editor/filemanager/connectors/php/connector.php?Command=GetFoldersAndFiles&Type=File&CurrentFolder=/
/connect/index.php
/deployment-config.json
/.remote-sync.json
/cgi-bin/php?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n
/cgi-bin/php5?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n
/cgi-bin/php4?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n
/cgi-bin/php-cgi?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n
/cgi-bin/php.cgi?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on+-d+disable_functions=""+-d+open_basedir=none+-d+auto_prepend_file=php://input+-d+cgi.force_redirect=0+-d+cgi.redirect_status_env=0+-n
/plus/flink.php?dopost=save
/bitrix/
/config.bak
/config.php-bak
/config.php.bak
/config.php.old
/config.php.save
/inc/config.bak
/inc/config.php-bak
/inc/config.php.bak
/inc/config.php.old
/inc/config.php.save
/include/config.bak
/include/config.php-bak
/include/config.php.bak
/include/config.php.old
/include/config.php.save
/include/wp-config.txt
/wp-config.bak
/wp-config.php.save
/wp-config.txt
/config/databases.yml
/wp-config.php_bak
/wp-config.orig
/adm.php
/adminer.php
/adminer_nq.php
/sqladminer
/modules/simpleslideshow/uploadimage.php
/.ftpconfig
/.vscode/ftp-sync.json
/1.rar
/1.tar
/1.tar.gz
/2.rar
/2.tar
/2.tar.gz
/2.zip
/admin.rar
/admin.tar
/admin.tar.gz
/admin.zip
/backup.rar
/backup.tar
/backup.tar.gz
/blog.tar.gz
/blog.zip
/data.rar
/data.tar
/data.tar.gz
/data.zip
/db.rar
/DOMEN_NAME.rar
/DOMEN_NAME.sql
/DOMEN_NAME.tar
/DOMEN_NAME.tar.gz
/DOMEN_NAME.zip
/DOMEN().rar
/DOMEN().sql
/DOMEN().tar
/DOMEN().tar.gz
/DOMEN().zip
/DOMEN.rar
/DOMEN.sql
/DOMEN.tar
/DOMEN.tar.gz
/home.rar
/home.tar
/home.tar.gz
/home.zip
/html.rar
/html.tar
/html.tar.gz
/html.zip
/httpdocs.zip
/public.rar
/public.tar
/public.tar.gz
/public.zip
/public_html.rar
/public_html.tar
/public_html.tar.gz
/public_html.zip
/public_shtml.tar
/public_shtml.tar.gz
/public_shtml.zip
/root.rar
/root.tar
/root.tar.gz
/root.zip
/web.rar
/web.tar
/web.tar.gz
/web.zip
/www.rar
/www.tar
/www.zip
/wwwroot.rar
/wwwroot.tar
/wwwroot.tar.gz
/wwwroot.zip
/DOMEN(.).rar
/DOMEN(.).sql
/DOMEN(.).tar
/DOMEN(.).tar.gz
/DOMEN(.).zip
/umbraco_client/Application/UrlEncoder.js
/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0
/member
/core/xpdo/changelog.txt
/core/tpl/admin/default.tpl.html
/assets/modules/docmanager/js/docmanager.js
/msd1.24.2/sql.php
/msd1.24.3/sql.php
/msd1.24.4/sql.php
/msd1.24stable/sql.php
/cms/admin/index.php
/assets/index.html
/admin/login
/index.php/component/users?view=login
/BlueDot/Inc/WebEditor/AssetManager/assetmanager.asp
/api/xmlrpc/
/api/xmlrpc
/admin_login.aspx
/.env
/wp-content/plugins/wooebay/modules/remote_support/remote_tunnel.php
/sql/sql.php
/database/sql.php
/dumper.php
/dumper/dumper.php
/MySqlDumper/sql.php
/?author=
/wp-content/plugins/formcraft/file-upload/server/content/upload.php
/wp-content/plugins/formcraft/file-upload/server/php/upload.php
/.ssh/identity
/root/.ssh/identity
/customer/account/create/
/customer/account/login/
/eshop/customer/account/create/
/german/customer/account/create/
/shop/customer/account/create/
/store/customer/account/create/
/uk/customer/account/create/
/us/customer/account/create/
/de/de-de/customer/account/login/
/en-us/customer/account/create/
/en/customer/account/create/
/en/customer/account/createpost/
/en_rw/customer/account/create/
/lu_fr/customer/account/create/
/pokupki/customer/account/login/
/ru/customer/account/
/shop/customer/account/login/
/wp-config.phpbak
/wp-config.php.bak.a2
/wp-config.php.backup
/wp-config.php-bak
/wordpress
/utility/convert/index.php
/root/.ssh/id_rsa
/root/.ssh/id_dsa
/index.php?act=dispMemberLoginForm
/index.php?do=feedback
/www.tar.gz
/database.tar.gz
/litecoin.tar.gz
/blog/wp-login.php
/blogs/wp-login.php
/cms/wp-login.php
/en/wp-login.php
/home/wp-login.php
/main/wp-login.php
/new/wp-login.php
/news/wp-login.php
/site/wp-login.php
/test/wp-login.php
/web/wp-login.php
/wordpress/wp-login.php
/wp/wp-login.php
/index.php?option=com_user&task=register
/backup.dat
/backup.dat.1
/.bitcoin/wallet.dat
/wallet.dat
/backup/bitcoin.dat
/backup/bitcoin_wallet.dat
/backup/wallet%20-%20Copy.dat
/backup/wallet.dat
/backups/bitcoin.dat
/backups/bitcoin_wallet.dat
/backups/wallet.dat
/bitcoin%20datadir/wallet.dat
/bitcoin.dat
/bitcoin.dat.1
/bitcoin.dat.zip
/bitcoin.zip
/bitcoin/wallet.dat
/bitcoin_data/wallet.dat
/bitcoin_datadir/wallet.dat
/bitcoin_wallet.dat
/bitcoin_wallet.dat.1
/bitcoin_wallet.dat.zip
/bitcoin_wallet.zip
/bitcoindata/wallet.dat
/data/wallet.dat
/datadir/wallet.dat
/DOMEN.dat
/DOMEN.dat.1
/DOMEN.dat.zip
/DOMEN.zip
/DOMENwallet.dat
/DOMENwallet.dat.1
/DOMENwallet.dat.zip
/DOMENwallet.zip
/home/.bitcoin/wallet.dat
/home/root/.bitcoin/wallet.dat
/home/ubuntu/.bitcoin/wallet.dat
/wallet%20-%20Copy.dat
/wallet.dat
/wallet.dat.1
/wallet.dat.zip
/wallet.zip
/wallet_backup.dat
/wallet_backup.dat.1
/wallet_backup.dat.zip
/wallet_backup.zip
/sitecore/admin/login.aspx
/index.php?m=member&c=index&a=register&siteid=1
/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php
/wp-content/plugins/woocommerce-products-filter/readme.txt
/GXHLGSL.txt
/wp-includes/js/jquery/suggest.js
/tmp/sfx.php
/index.php/component/users?view=registration
/index.php?option=com_users&view=registration
/index.php?option=com_user&view=register
/eyeblaster/addineyev2.html
/wp-content/plugins/premium-seo-pack/readme.txt
/currentsetting.htm
/mm5/admin.mvc
//a2billing/admin/Public/index.php
/cgi-bin/atx/signup.cgi
/tp/trade.php
/admin/config.php
/bitrix/admin/#authorize
/wp-content/uploads/mc4wp-debug.log
/backup.sh
/wp-content/plugins/woozone/modules/remote_support/remote_tunnel.php
//blog/wp-includes/wlwmanifest.xml
//cms/wp-includes/wlwmanifest.xml
//site/wp-includes/wlwmanifest.xml
//wordpress/wp-includes/wlwmanifest.xml
//wp-includes/wlwmanifest.xml
//wp/wp-includes/wlwmanifest.xml
//xmlrpc.php?rsd
/temp.php
/scj/scjwebmaster.php
/uploadify/uploadify.php?folder=/
/admin/lib/tiny_mce/plugins/tinybrowser/upload.php?type=file/wp-login.php
/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php?type=file/wp-login.php
/static/js/tiny_mce/plugins/tinybrowser/upload.php?type=file/wp-login.php
/tiny_mce/plugins/tinybrowser/upload.php?type=file/wp-login.php
/te/signup.php
/backup.zip
/database.sql
/web.config
/images/temp.php
/images/yt.php
/modules/modules/temp.php
/rnnvhs.php
/wp-inde.php
/yt.php
/yt2.php
/ytt.php
/sample.php
/sfn.php
/wp-cods.php
/cms/
/forum.php
/media/system/js/caption.js
/media/system/js/core.js
/netcat/
/sxd/info.php
/.bzr/branch-format
/.hg/hgrc
/jm-ajax/upload_file/
//sloth_webmaster.php
/sloth_webmaster.php
/te3/signup.php
/dump/
/db_dump
/1.sql
/backup.sql
/backup.sql.bz2
/backup.sql.gz
/data.sql
/db.sql
/db.sql.bz2
/db.sql.gz
/db.sql.zip
/db.tar
/db.tar.gz
/db.zip
/db_backup.sql
/db_backup/backup.sql
/db_backup/db_backup.sql
/dbdump.sql
/dbdump.sql.gz
/dump.gz
/dump.sql
/dump.sql.gz
/dump.sql.tgz
/dump.sql.zip
/dump.tar
/dump.tar.gz
/dump.tgz
/dump.zip
/mysql.sql
/mysql.zip
/site.sql
/sql.gz
/sql.sql
/sql.tar
/sql.tar.gz
/sql.tgz
/sql.zip
/temp.sql
/users.sql
/vb/
/gaestebuch.php
/gb.php
/g_book.cgi
/default.asp
/apps/guestbook
/guestbook.html
/vbulletin/
/registration.php
/maill.php
/login/administrator/index.php
/jsLib/lib/jquery-ui-1.11.4/administrator/index.php
/ipb/
/ftt2/signup.php
/feed2js/magpie_debug.php
/community/
/caches.php
/boards/
/board/
/blogs/
/administrator/robots.txt
/administrator/includes/readmy.php
/wp-includes/js/tinymce/utils/validate.js
/wp-admin/setup-config.php?step=1
/wp/wp-admin/setup-config.php?step=1
/wordpress/wp-admin/setup-config.php?step=1
/web/wp-admin/setup-config.php?step=1
/test/wp-admin/setup-config.php?step=1
/site/wp-admin/setup-config.php?step=1
/news/wp-admin/setup-config.php?step=1
/new/wp-admin/setup-config.php?step=1
/main/wp-admin/setup-config.php?step=1
/login/wp-login.php
/jsLib/lib/jquery-ui-1.11.4/wp-login.php
/home/wp-admin/setup-config.php?step=1
/en/wp-admin/setup-config.php?step=1
/cms/wp-admin/setup-config.php?step=1
/blogs/wp-admin/setup-config.php?step=1
/blog/wp-admin/setup-config.php?step=1
/add.php
/links/add.php
/.ssh/id_dsa
/.ssh/id_rsa
/id_dsa
/id_rsa
/blog/wp-includes/wlwmanifest.xml
/site/wp-includes/wlwmanifest.xml
/user/
/wordpress/wp-includes/wlwmanifest.xml
/wp-admin/admin-ajax.php
/wp-includes/wlwmanifest.xml
/wp/wp-includes/wlwmanifest.xml
/magmi/web/ajax_pluginconf.php?file=test&plugintype=utilities&pluginclass=CustomSQLUtility
/admin/index.php?route=common/login
/index.php/admin/
/netcat/admin/
/admin/content/sitetree/
/adminzone
/manager
/manager/
/simpla/
/wp-content/plugins/fancybox-for-wordpress/js/admin.js
/js/mage/cookies.js
/wp-login.php?action=register
/plugins/system/anticopy.php
/plugins/system/anticopy/anticopy.php
/wp-content/themes/twentythirteen/system.php
/wp-content/themes/twentytwelve/system.php
/magmi/web/download_file.php?file=../../app/etc/local.xml
//.git/HEAD
/wp-admin/admin-ajax.php?action=revslider_show_image
/sftp-config.json
/NAME_DOMEN.7z
/NAME_DOMEN.backup
/NAME_DOMEN.bak
/NAME_DOMEN.bakup
/NAME_DOMEN.bas
/NAME_DOMEN.bz2
/NAME_DOMEN.db
/NAME_DOMEN.gz
/NAME_DOMEN.ini
/NAME_DOMEN.log
/NAME_DOMEN.old
/NAME_DOMEN.rar
/DOMEN.7z
/DOMEN.backup
/DOMEN.bak
/DOMEN.bakup
/DOMEN.bas
/DOMEN.bz2
/DOMEN.db
/DOMEN.gz
/DOMEN.ini
/DOMEN.log
/DOMEN.old
/DOMEN.rar
/DOMEN.sql
/DOMEN.sql.gz
/DOMEN.sql.tar
/DOMEN.sql.tgz
/DOMEN.tar
/DOMEN.tar.gz
/DOMEN.tgz
/DOMEN.txt
/DOMEN.xml
/DOMEN.zip
/NAME_DOMEN.sql
/NAME_DOMEN.sql.gz
/NAME_DOMEN.sql.tar
/NAME_DOMEN.sql.tgz
/NAME_DOMEN.tar
/NAME_DOMEN.tar.gz
/NAME_DOMEN.tgz
/NAME_DOMEN.txt
/NAME_DOMEN.xml
/NAME_DOMEN.zip
/tmp.php
/test3.php
/test2.php
/test1.php
/test.php
/restore.php
/index-1.php
/configuration.php.tmp
/configuration.php.old
/configuration.php.bak
/bitrix/php_interface/dbconn.php~
/bitrix/php_interface/dbconn.php
/bitrix/php_interface/dbconn.php.tmp
/bitrix/php_interface/dbconn.php.old
/bitrix/php_interface/dbconn.php.bak
/bitrix/php_interface/dbconn.php-
/bitrix/backup/.listing
/bitrix/ad.php
/bitrix/.settings.php1
/bitrix/.settings.php~
/bitrix/.settings.php
/bitrix/.settings.php.tmp
/bitrix/.settings.php.old
/bitrix/.settings.php.bak
/bitrix/.settings.php-
/wp-config.php.tmp
/wp-config.php.old
/wp-config.php.bak
/bitrix/php_interface/dbconn.php1
/register?agreed=true&step=2
/logo_img.php.suspected
/CGI/guestbook?page=1
/album.cgi
/aska.cgi
/bbs.cgi
/light.cgi
/modules.php?name=Your_Account
/scarbook.php
/blog/blog/
/blog/blog/robots.txt
/blog/wordpress/
/blog/wp/
/blog/xmlrpc.php?rsd
/.bzr/README
/.git/refs/heads
/.gitignore
/.hg/requires
/administrator/wp-login.php
/language/en-GB/language/en-GB/en-GB.xml
/bitrix
/wp-json/wp/v2/users/
/wp-content/plugins/fancybox-for-wordpress/readme.txt
/sites/default/settings
/.git/info/refs?service=git-upload-pack
/configuration.php
/.svn/entries
/CVS/Root
/basic_status
/core
/server-status
/nginx_status
/YaBB.cgi
/gastenboek.php
/guestbook
/guestbook.php
/jax_guestbook.php
/member/
/sbb.cgi
/seo-joy.cgi
/sunbbs.cgi?mode=form
/yabb.pl
/yapgb.php
/yybbs.cgi
/language/en-GB/en-GB.xml
//language/en-GB/en-GB.xml
/admin/
/admin/login.php
/blog
/cms/admin/
/mscms/
/vam_rss2_info.php
//app/etc/local.xml
/bitrix/admin/index.php?lang=en
/blog/administrator/index.php
/joomla/administrator/index.php
/joomla/robots.txt
/sites/default/settings.php-
/sites/default/settings.php1
/sites/default/settings.php
/sites/default/settings.php
/sites/default/settings.php~
/wp-config.php-
/wp-config.php1
/wp-config.php
/wp-config.php_
/configuration.php~
/configuration.php__
/configuration.php_
/configuration.php1
/configuration.php-
/wp//wp-login.php
/pricing
/index.php/component/users/?view=registration
/searchreplacedb2.php
/contact.asp
/contact.aspx
/contact.htm
/contact.html
/contact.php
/main.asp
/main.aspx
/main.htm
/main.html
/main.jsp
/main.php
/blog/feed
/typo3/index.php
/wordpress/feed
/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
/wp/feed
/user/login
/xss.php
/wso2.php
/wso.php
/webadmin/
/Thumbs.db
/test.php
/server-info/
/phppgadmin/
/phpinfo.php
/php.php
/logs/
/info.php
/index__.php
/index_.php
/config.txt
/config.ini
/CHANGELOG
/5.php
/4.php
/3.php
/2.php
/123.php
/111.php
/1.zip
/1.php
/_index.php
/__index.php
//phpMyAdmin/
/.mysql_history
/.idea/compiler.xml
/.hg/dirstate
/.git/index
/.DS_Store
/.bash_history
/xmlrpc.php?rsd
/xmlrpc.php
/wp-login.php
/wp-includes/js/wp-util.js
/wp-includes/js/wp-lists.js
/wp-includes/js/tw-sack.js
/wp-includes/js/plupload/plupload.js
/wp-includes/js/plupload/plupload.flash.swf
/wp-includes/js/mediaelement/flashmediaelement.swf
/wp-includes/js/jquery/jquery.js
/wp-includes/css/buttons.css
/wp-includes/css/admin-bar.css
/wp-config.php~
/wp-admin/
/wp-admin
/wp/wp-admin/
/wp/
/wordpress/wp-admin/
/wordpress//wp-login.php
/wordpress/
/webstat/
/webalizer/
/usage/
/tmUnblock.cgi
/tmp/
/test/wp-admin/
/test/
/temp/
/temp
/tds/header.php
/sql/sql/
/sql/backups/
/sql/backup/
/sql/
/readme.html
/read4/map.asp
/phpmyadmin/
/photo_pl_photos.php?aid=**&rand=***
/oldsite/
/old_site/
/old/wp-admin/
/old/
/netcat/admin
/mysql/
/msd/sql.php
/license.txt
/license.php
/hndUnblock.cgi
/feed/
/feed
/engine/engine.php
/demo/
/blog/xmlrpc.php
/blog/wp-admin/
/blog/robots.txt
/blog//wp-login.php
/blog/
/bitrix/admin/index.php
/bitrix/admin/
/bitrix/admin
/backup/
/administrator/index.php
/administrator/
/administrator
/admin/index.php
/admin.php
/admin
//wp-login.php
/.svn/wc.db
/.git/HEAD
/.git/config
/.git/
Cause
Web crawlers are scanning the site.
Resolution
Web crawling (spidering) is not used to hack anything, but received information can be used for further hack, so it is possible to block web crawlers.
There are several ways to prevent web crawling:
Note: this way is the most effective way in such situation.
-
Block the IP address from which one the web crawling is performed.
The IP address of the crawler can be found at the Plesk > Domains > example.com > Logs page
Note: According to Plesk documentation:
"plesk-apache-badbot looks for email grabbers and vulnerability scanners in Apache’s access log files. The ban lasts for two days"
-
Go to Plesk > Tools & Settings > IP Address Banning (Fail2Ban) > Settings, mark the Enable intrusion detection checkbox and click the Apply button.
-
Navigate to the Jails tab.
-
Mark the plesk-apache-badbot jail and click the Switch On button.
Note: According to Plesk documentation:
"In order to detect and prevent attacks against web applications, the web application firewall (ModSecurity) checks all requests to your web server and related responses from the server against its set of rules. If the check succeeds, the HTTP request is passed to website to retrieve the content. If the check fails, the predefined actions are performed"
-
Go to Plesk > Tools & Settings > Web Application Firewall (ModSecurity).
-
Switch the Web application firewall mode directive to the On value.
-
Select the required rule set in the corresponding option.
-
Leave the Predefined set of values on the Fast option and press the OK button to complete configuring.
Note: if the initial issue still occurs, switch the Predefined set of values directive to the Tradeoff or Thorough options or select more strict rule set.
Comments
0 comments
Please sign in to leave a comment.