Help with VPS server logs

mrlinks UK
edited February 2022 in GSA Search Engine Ranker
Hello @Sven

My VPS guys are telling me SER or maybe Proxy Scraper is sending malicious requests and BitNinja Server Security is giving them this information.

See below what I was sent:

Url: [nhadepdongphong.vn/301.php]
Remote connection: []
Headers: [array (
'Host' => 'nhadepdongphong.vn',
'Connection' => 'keep-alive',
'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.99',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language' => 'en-US,en;q=0.5',
'Accept-Encoding' => 'gzip, deflate',
'DNT' => '1',
'sec-ch-ua' => '" Not;A Brand";v="99", "Google Chrome";v="65", "Chromium";v="65"',
'sec-ch-ua-mobile' => '?0',
'sec-gpc' => '1',
)]
Get data: [Array
(
[url] => https://www.winnipegfreepress.com/s?action=editReg&rurl=
)
]
Url: [nhadepdongphong.vn/301.php]
Remote connection: []
Headers: [array (
'Host' => 'nhadepdongphong.vn',
'Connection' => 'keep-alive',
'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36 OPR/52.0.2871.99',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language' => 'en-US,en;q=0.5',
'Accept-Encoding' => 'gzip, deflate',
'DNT' => '1',
'sec-ch-ua' => '" Not;A Brand";v="99", "Google Chrome";v="65", "Chromium";v="65"',
'sec-ch-ua-mobile' => '?0',
'sec-gpc' => '1',
)]
Get data: [Array
(
[url] => https://www.winnipegfreepress.com/s?action=editReg&rurl=
)
]
Url: [scientists-farmers.com/]
Remote connection: []
Headers: [array (
'Host' => 'scientists-farmers.com',
'Connection' => 'keep-alive',
'User-Agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-Language' => 'en-US,en;q=0.5',
'Accept-Encoding' => 'gzip, deflate',
'DNT' => '1',
'sec-ch-ua' => '" Not;A Brand";v="99", "Google Chrome";v="66", "Chromium";v="66"',
'sec-ch-ua-mobile' => '?0',
'sec-gpc' => '1',
)]
Get data: [Array
(
[goto] => https://www.winnipegfreepress.com/s?action=editReg&rurl=
)
]
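
A defensive triage sketch for reports in the layout pasted above, added here as an example (not code from BitNinja, GSA or the posters): it parses each `Url:` record and lists why a request looks automated. The hosts, the IP and the two heuristics (external URL in a GET parameter, non-browser User-Agent) are assumptions of this example, not BitNinja's actual rules.

```python
import re
from urllib.parse import urlsplit
# Constructed sample in the report layout shown above; hosts and IP are placeholders.
SAMPLE = """\
Url: [shop.example.com/301.php]
Remote connection: []
Headers: [array (
'Host' => 'shop.example.com',
'User-Agent' => 'Mozilla/5.0 (Macintosh) Chrome/65.0.3325.181 Safari/537.36',
)]
Get data: [Array
(
[url] => https://news.example.org/s?action=editReg&rurl=
)
]
Url: [blog.example.net/product/item/]
Remote connection: [203.0.113.7:50292]
Headers: [array (
  'Host' => 'blog.example.net',
  'User-Agent' => 'Java/11.0.10',
)]
"""
HEADER = re.compile(r"^[ \t]*'([^']+)' => '(.*)',[ \t]*$", re.M)  # 'Name' => 'value',
PARAM = re.compile(r"^[ \t]*\[([^\]]+)\] => (.*?)[ \t]*$", re.M)  # [name] => value

def parse_report(text):
    """Split the report on 'Url: [' and return one dict per logged request."""
    records = []
    for chunk in re.split(r"(?m)^\s*Url: \[", text)[1:]:
        first, _, rest = chunk.partition("\n")
        remote = re.search(r"Remote connection: \[(.*)\]", rest)
        records.append({"url": first.rstrip("] \t"),
                        "remote": remote.group(1) if remote else "",
                        "headers": dict(HEADER.findall(rest)),
                        "get": dict(PARAM.findall(rest))})
    return records

def triage(rec):
    """Return the reasons (assumed heuristics) a request looks automated."""
    reasons = []
    host = rec["headers"].get("Host", rec["url"].split("/")[0]).lower()
    for name, value in rec["get"].items():
        target = urlsplit(value).hostname  # None unless the value is an absolute URL
        if target and target.lower() != host:
            reasons.append(f"GET param '{name}' carries external URL ({target})")
    ua = rec["headers"].get("User-Agent", "")
    if not ua.startswith("Mozilla/"):
        reasons.append(f"non-browser User-Agent ({ua.split('/')[0]})")
    return reasons
```

Running `triage` over every record from `parse_report` gives a per-request summary to compare against the sending tool's own activity log for the same period.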

Comments

  • sickseo London, UK
    edited February 2022
    I recently received a similar abuse complaint from my VPS provider. Also BitNinja logging the complaint. It's likely it happened when my proxies stopped working, so they logged the abuse complaint against my server IP, which normally does not happen. Running GSA SER on this server. It was just an FYI for me, so no action was required.

    Dear Provider,


    I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 95.217.216.41 directed at our clients’ servers.


    As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.


    Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.


    I've collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link.


    Url: [firstcity.edu.my/event/pdrm-e-poster-competition-2021/]
    Remote connection: [95.217.216.41:33386]
    Headers: [array (
      'Host' => 'firstcity.edu.my',
      'User-Agent' => 'Java/11.0.10',
      'Accept' => 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2',
      'BN-Frontend' => 'waf-https',
      'BN-Client-Port' => '53644',
      'X-Forwarded-For' => '95.217.216.41',
    )]
    Url: [www.adoriabridal.com/product-tag/veil-tunang/]
    Remote connection: [95.217.216.41:50170]
    Headers: [array (
      'Host' => 'www.adoriabridal.com',
      'User-Agent' => 'Java/11.0.10',
      'Accept' => 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2',
      'BN-Frontend' => 'captcha-https',
      'X-Forwarded-Port' => '443',
      'X-Forwarded-Proto' => 'https',
      'BN-Client-Port' => '56902',
      'X-Forwarded-For' => '95.217.216.41',
    )]
    Url: [www.adoriabridal.com/product/basic-shawl-navy-blue/]
    Remote connection: [95.217.216.41:50292]
    Headers: [array (
      'Host' => 'www.adoriabridal.com',
      'User-Agent' => 'Java/11.0.10',
      'Accept' => 'text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2',
      'BN-Frontend' => 'captcha-https',
      'X-Forwarded-Port' => '443',
      'X-Forwarded-Proto' => 'https',
      'BN-Client-Port' => '57374',
      'X-Forwarded-For' => '95.217.216.41',
    )]
  • I use greencloud. I keep telling them I'm using ANON IPs from Proxy Scraper.

    Thank you for replying @sickseo, good to know it's not just my VPS.

    On another note, are you still cranking hard with SER?

    I was an old user way back in 2013 haha, now I'm trying again with a few projects.
  • sickseo London, UK
    edited February 2022
    2013? That's around the time I first started using it I think, when I got banned on senuke forum for always saying how great GSA SER was lol

    Yes, still cranking it hard and seeing great results from it. Literally every project I touch lol Even one word and two word phrases which I didn't think was possible until I tried lol
    My local seo projects are going really well. Using it on ecommerce sites with amazon and ebay products. Have clients in different niches and so far every keyword a client gives me is ranking or on its way up to page 1.

    So crack on is all I can say lol Give me a shout if you struggle with results. I'll see if I can set you on the right path.

    As for greencloud, I was using them back in the day. I've switched now to Hetzner cloud and hetzner dedi. If you're based near europe, I'd definitely recommend them. Speeds are insane. I'm running over 60 installs of gsa ser, so I have a decent sized operation going on here lol
  • Sven www.GSA-Online.de
    All the logs are probably from SER trying to register/login on some of these sites.
  • @sickseo mate, you're quality. Can we do Telegram? Will PM you LOL