Contact Info

sean [at] coreitpro [dot] com gpg key

sc68cal on Libera

Malicious Impersonation Of Bingbot

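Some fairly interesting log entries. Someone in Bluehost’s IP space was impersonating bingbot and trying to find Joomla installs: 1002 requests in a 4-minute period, all alternating between a GET of /administrator/ and a POST to /administrator/index.php, and all answered with a 404.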

scollins@Uller ~/Downloads/logs » grep '74.220.207.172' all | wc
    1002   15030  191883


scollins@Uller ~/Downloads/logs » grep '74.220.207.172' all | head
74.220.207.172 - - [20/May/2012:00:43:09 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:10 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:10 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:10 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:10 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:11 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:11 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:11 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:11 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:43:11 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"


scollins@Uller ~/Downloads/logs » grep '74.220.207.172' all | tail
74.220.207.172 - - [20/May/2012:00:46:45 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:45 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:45 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:46 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:46 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:46 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:46 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:47 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:47 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
74.220.207.172 - - [20/May/2012:00:46:47 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"


scollins@Uller ~/Downloads/logs » whois 74.220.207.172

NetRange:       74.220.192.0 - 74.220.223.255
CIDR:           74.220.192.0/19
OriginAS:       AS46606
NetName:        BLUEHOST-NETWORK-2
NetHandle:      NET-74-220-192-0-1
Parent:         NET-74-0-0-0-0
NetType:        Direct Allocation
RegDate:        2007-01-09
Updated:        2011-11-29
Ref:            http://whois.arin.net/rest/net/NET-74-220-192-0-1
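
The whois lookup above shows the address belongs to a hosting provider rather than to Microsoft. The same check can be automated with forward-confirmed reverse DNS, which is how Bing documents verifying its crawler: the PTR name must end in search.msn.com and must resolve back to the same IP. The following is an added example, not code from the original post; the function names, the RFC 5737 sample addresses and the constructed DNS table (used so it runs offline) are assumptions.

```python
import re
import socket
from collections import Counter

# Combined log format: capture the client IP and the last quoted field (User-Agent).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

def system_resolver(ip):
    """Live DNS: return (PTR name, A records of that name) for ip."""
    try:
        name = socket.gethostbyaddr(ip)[0]
        return name, socket.gethostbyname_ex(name)[2]
    except OSError:  # no PTR record, or the PTR name does not resolve
        return None, []

def is_real_bingbot(ip, resolve=system_resolver):
    """PTR must end in .search.msn.com AND resolve forward to the same IP."""
    name, forward = resolve(ip)
    return bool(name) and name.lower().rstrip(".").endswith(".search.msn.com") and ip in forward

def fake_bingbot_hits(lines, resolve=system_resolver):
    """Return {ip: request count} for clients that claim bingbot but fail the DNS check."""
    claimed = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and "bingbot" in m.group(2).lower():
            claimed[m.group(1)] += 1
    return {ip: n for ip, n in claimed.items() if not is_real_bingbot(ip, resolve)}

UA = '"Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"'
# The first two lines copy the post's log; the others are constructed (RFC 5737 IPs).
SAMPLE = [
    '74.220.207.172 - - [20/May/2012:00:43:09 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" ' + UA,
    '74.220.207.172 - - [20/May/2012:00:43:10 -0400] "POST /administrator/index.php HTTP/1.1" 404 221 "http://coreitpro.com/administrator/index.php" ' + UA,
    '203.0.113.10 - - [20/May/2012:00:44:00 -0400] "GET /robots.txt HTTP/1.1" 200 68 "-" ' + UA,
    '198.51.100.7 - - [20/May/2012:00:44:05 -0400] "GET /administrator/ HTTP/1.1" 404 212 "-" ' + UA,
    '192.0.2.55 - - [20/May/2012:00:44:09 -0400] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]
# Constructed DNS answers so the example runs offline; these are not real lookups.
CONSTRUCTED_DNS = {
    "74.220.207.172": ("host.hosting.example", ["74.220.207.172"]),  # placeholder PTR
    "203.0.113.10": ("msnbot-203-0-113-10.search.msn.com", ["203.0.113.10"]),
    "198.51.100.7": ("crawl.search.msn.com", ["192.0.2.1"]),  # PTR lies, forward fails
}
def constructed_resolver(ip):
    return CONSTRUCTED_DNS.get(ip, (None, []))

if __name__ == "__main__":
    print(fake_bingbot_hits(SAMPLE, constructed_resolver))
```

Against a real log, call fake_bingbot_hits(open("all")) to use live DNS; the third constructed case shows why the forward lookup matters, since whoever controls an address block also controls its PTR records.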