I have a blog hosted with Ghost CMS. I created a new blog post (say "My New Blog") and correspondingly there was a URL generated (mysite.com/mynewblog/).

The weird part is that I saw an access to this post within 2 minutes of creating it. And even weirder: the access IP was from China (IP to location).

Even if I assume that the CMS reports new blogs somewhere central, why would that be China? The access log looks like this:

61.178.78.96 - - [20/Jun/2015:14:32:32 +0000] "GET /mynewblog/ HTTP/1.0" 200 - "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"

Is someone in my webserver?

Vilican
sandyp

1 Answer

There are constant scans being performed all over the Internet constantly. These scans include crawlers that follow every link that they can find. I am not surprised at all that you had someone access a link you created, even in such a short time.

From the few details you provided, I do not see any reason to believe that someone has unauthorized access to your server. Your server is public and anything you post is public, too.

schroeder
  • Wouldn't a crawler scan for "/" (or "/index.???") first? And then go for "/mynewblog/" page? I just see one access from this IP in that duration. If you need more details, let me know. – sandyp Jun 25 '15 at 17:01
  • Perhaps, is that what happened? – schroeder Jun 25 '15 at 17:05
  • It's also possible that the crawling of the root was done by another IP that passed the new link list on to subsidiaries. The IP you post is listed in the 'botnet' directories, so it's possible. – schroeder Jun 25 '15 at 17:09
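
The comments above turn on whether the client requested "/" before the new post. One way to check that over a whole access log, as an added example that is not part of the original posts: it parses combined-format lines and, for each client that requested a given path, reports what that client fetched earlier. The 198.51.100.7 lines are constructed sample data, and the HTTP/1.0 flag is a heuristic assumption, not proof of automation.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format, the format of the line quoted in the question.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) '
    r'(?P<proto>[^"]+)" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"')

# The two 198.51.100.7 lines are constructed; the last is the question's log line.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jun/2015:14:31:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"',
    '198.51.100.7 - - [20/Jun/2015:14:31:09 +0000] "GET /mynewblog/ HTTP/1.1" 200 8431 '
    '"http://mysite.com/" "ExampleBot/1.0"',
    '61.178.78.96 - - [20/Jun/2015:14:32:32 +0000] "GET /mynewblog/ HTTP/1.0" 200 - "-" '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; '
    '.NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; '
    '.NET4.0C; .NET4.0E)"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip lines that are not in combined format
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def profile_visitors(lines, path):
    """For each client that requested `path`, summarise what it did before."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        hits = [r for r in recs if r["path"] == path]
        if not hits:
            continue
        first = min(r["ts"] for r in hits)
        earlier = sorted({r["path"] for r in recs if r["ts"] < first})
        report[ip] = {
            "first_hit": first,
            "paths_before": earlier,  # empty: this client did not crawl its way to the URL
            "direct_hit": not earlier and all(r["referer"] in ("", "-") for r in hits),
            # Heuristic (assumption): browsers send HTTP/1.1+; 1.0 plus a browser UA hints at a script or proxy.
            "http10_browser_ua": any(r["proto"] == "HTTP/1.0"
                                     and r["ua"].startswith("Mozilla/") for r in hits),
        }
    return report
```

Calling `profile_visitors(SAMPLE_LOG, "/mynewblog/")` separates the client that walked from "/" to the post from the one that arrived with no prior request and no referer, which is the pattern the question describes.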