Everyday, there's one IP 58.218.204.110 try to get a non-exist file hxxp://216.245.205.74/judge.php from my server. The IP 216.245.205.74 is not my server IP. Do I just ignore it or is there any problem? Thanks.
Wordpress stats:
Date Time IP Threat Page OS Browser
August 4, 2010 13:23:07 58.218.204.110 0 hxxp://216.245.205.74/judge.php Windows XP Internet Explorer 6
August 4, 2010 10:08:53 58.218.204.110 0 hxxp://216.245.205.74/judge.php Windows XP Internet Explorer 6
August 4, 2010 06:58:07 58.218.204.110 0 hxxp://216.245.205.74/judge.php Windows XP Internet Explorer 6
Access Log:
58.218.204.110 - - [30/Jul/2010:01:01:25 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [30/Jul/2010:03:49:36 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [30/Jul/2010:06:46:42 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [30/Jul/2010:09:27:22 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [30/Jul/2010:12:20:24 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [30/Jul/2010:14:56:25 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [31/Jul/2010:22:36:58 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 404 286 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [03/Aug/2010:01:42:46 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 301 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [04/Aug/2010:10:08:52 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 301 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
58.218.204.110 - - [04/Aug/2010:13:23:06 -0700] "GET hxxp://216.245.205.74/judge.php hxxp/1.1" 301 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
I guess you substituted http with hxxp in the messages (it isn't clear). If so, someone is probing your server to see if it is configured to act as proxy. Since you don't seem to be running mod_proxy, it returns 404 (Not found).
Usually, there is no need to worry. If you have servers publicly visible to the Internet, you are going to see this every single day. Also, people trying to exploit all kinds of vulnerabilities in all kinds of software (phpMyAdmin is particularly annoying), even the ones you don't have installed. Also, ISC.SANS.DFind...
However, those 301 (Redirect) responses are strange...
You're probably seeing the 301 redirects as the result of a hostname rewrite directive in the .htaccess file under your WordPress installation directory. (sorry, not seeing the option to reply directly to the last answer)
its part of botnet thats probably looking for proxy servers to attack so just block it
Sat, 2010-08-07 01:28:55 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8085 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:56 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8080 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:56 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,80 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:56 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8000 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:57 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8088 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:57 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8008 - [Any(TCP) rule match] Sat, 2010-08-07 01:28:57 - TCP Packet - Source:58.218.204.110,12200 Destination:xx.xx.xx.xx,8129 - [Any(TCP) rule match]