Recently I've identified that some hack attempt was performed on one of my servers.
I have dumped the nginx logs to GitHub; please take a look and try to identify which tool was used to perform this attack.
Excerpt from log:
195.154.41.132 - ktuser [04/Nov/2016:12:59:18 -0400] "POST /apply.cgi HTTP/1.1" 404 459 "-" "-"
195.154.41.132 - ktuser [04/Nov/2016:12:59:18 -0400] "GET /cgi_bin/user_network_connection.asp HTTP/1.1" 404 459 "-" "-"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phpmyadmin4/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/2phpmyadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phpmy/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phppma/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/myadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/shopdb/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
Full log can be seen here: https://gist.github.com/acosonic/772971fee7b4b20c5ba3da7657a42430
Also, please advise if there is some behavioural tool that would learn and identify that the above is a threat, and ban such IPs.
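An added example, not part of the original post: a minimal sketch of the kind of log-driven detection asked about, run over the excerpt above. The function names, the threshold of five 404s per 60 seconds, and the two benign sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                     r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')

def parse(line):
    """Return ip, time, status and request target, or None if the line is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    parts = m["req"].split(" ")
    return {"ip": m["ip"], "status": int(m["status"]),
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "target": parts[1] if len(parts) > 1 else ""}

def scanners(lines, max_404=5, window=timedelta(seconds=60)):
    """Map each IP that produced max_404 or more 404s within window to a reason."""
    recent = defaultdict(list)  # ip -> timestamps of its recent 404 responses
    flagged = {}
    for line in lines:
        e = parse(line)
        if e is None or e["status"] != 404:
            continue
        ip, now = e["ip"], e["time"]
        recent[ip] = [t for t in recent[ip] if now - t <= window] + [now]
        if len(recent[ip]) >= max_404 and ip not in flagged:
            # Absolute-URI targets (http://host/...) are proxy-style requests
            # that an origin server does not normally receive.
            proxy = e["target"].startswith(("http://", "https://"))
            flagged[ip] = "404 burst, absolute-URI targets" if proxy else "404 burst"
    return flagged

# First eight lines are the excerpt from the post; the last two are constructed
# benign traffic (documentation-range IP) to show what is left alone.
SAMPLE = '''\
195.154.41.132 - ktuser [04/Nov/2016:12:59:18 -0400] "POST /apply.cgi HTTP/1.1" 404 459 "-" "-"
195.154.41.132 - ktuser [04/Nov/2016:12:59:18 -0400] "GET /cgi_bin/user_network_connection.asp HTTP/1.1" 404 459 "-" "-"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phpmyadmin4/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/2phpmyadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phpmy/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/phppma/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/myadmin/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
162.243.79.108 - - [01/Nov/2016:16:39:57 -0400] "HEAD http://8.8.8.8:80/shopdb/ HTTP/1.1" 404 0 "-" "Mozilla/5.0 Jorgee"
203.0.113.7 - - [04/Nov/2016:13:00:01 -0400] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Nov/2016:13:00:02 -0400] "GET /favicon.ico HTTP/1.1" 404 459 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for ip, reason in scanners(SAMPLE).items():
        print(ip, reason)  # candidates for a firewall or nginx deny rule
```

With the default threshold only the client that burst through the phpMyAdmin-style paths is flagged; the two-request probe from the other address needs a lower `max_404` to be caught.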