I using WAMPServer on my computer for testing and development. I forgot and left it online for a few days and I notice a bunch of random requests that aren't even from my IP. Here are some examples.
77.73.69.127 - - [29/Apr/2012:08:22:20 -0700] "HEAD /manager/html HTTP/1.0" 200 -
58.218.199.250 - - [29/Apr/2012:08:31:54 -0700] "GET http://www.verysurf.com/proxyheader.php HTTP/1.1" 404 213
58.218.199.147 - - [29/Apr/2012:08:35:37 -0700] "GET http://www.travelimgusa.com/ip.php HTTP/1.1" 200 1340
58.218.199.250 - - [29/Apr/2012:10:03:53 -0700] "GET http://61.152.144.145/judge.php HTTP/1.1" 200 1355
58.218.199.227 - - [29/Apr/2012:12:04:07 -0700] "GET http://59.53.91.9/proxy/judge.php HTTP/1.1" 200 1335
58.218.199.250 - - [29/Apr/2012:13:08:29 -0700] "GET http://59.53.91.9/proxy/judge.php HTTP/1.1" 404 213
58.218.199.250 - - [29/Apr/2012:13:08:29 -0700] "GET http://59.53.91.9/proxy/judge.php HTTP/1.1" 200 1335
A lot of them are from this 58.218.199.250 IP.
Another IP I noticed has been trying to access my database manager.
200.196.48.40 - - [28/Apr/2012:16:12:32 -0700] "GET /index.php HTTP/1.1" 200 4599
200.196.48.40 - - [28/Apr/2012:16:12:33 -0700] "GET /admin/index.php HTTP/1.1" 404 213
200.196.48.40 - - [28/Apr/2012:16:12:33 -0700] "GET /admin/pma/index.php HTTP/1.1" 404 217
200.196.48.40 - - [28/Apr/2012:16:12:34 -0700] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 224
200.196.48.40 - - [28/Apr/2012:16:12:34 -0700] "GET /db/index.php HTTP/1.1" 404 210
200.196.48.40 - - [28/Apr/2012:16:12:35 -0700] "GET /dbadmin/index.php HTTP/1.1" 404 215
200.196.48.40 - - [28/Apr/2012:16:12:35 -0700] "GET /myadmin/index.php HTTP/1.1" 404 215
200.196.48.40 - - [28/Apr/2012:16:12:35 -0700] "GET /mysql/index.php HTTP/1.1" 404 213
200.196.48.40 - - [28/Apr/2012:16:12:36 -0700] "GET /mysqladmin/index.php HTTP/1.1" 404 218
200.196.48.40 - - [28/Apr/2012:16:12:36 -0700] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 404 224
200.196.48.40 - - [28/Apr/2012:16:12:37 -0700] "GET /phpadmin/index.php HTTP/1.1" 404 216
200.196.48.40 - - [28/Apr/2012:16:12:37 -0700] "GET /phpMyAdmin/index.php HTTP/1.1" 404 218
200.196.48.40 - - [28/Apr/2012:16:12:38 -0700] "GET /phpmyadmin/index.php HTTP/1.1" 403 222
And that's all this IP was doing. Well it returned a 404 since the permissions is local only. And of course all these IPs are from Brazil, China, and Russia... Should I be worried about these random requests or is it normal? Are these bots or crawlers?
All perfectly normal and expected on any public facing we server. What you're seeing is the results of a standard scripted attempt to gain access into your system using known weak points. It's not unusual to see hundreds or even thousands of such requests from a single source in a single day.
It's an excellent illustration of why it's important to ensure the software is kept up to date and locked down as much as practical. Additionally, ensure you use strong passwords. Once a suitable access point is located you can watch the attempts to access your accounts, normally starting with simple dictionary attacks.
These are breaking attempts (at least the DB access trials). It is normal to receive such type of requests. The important point is to make sure your database and any other important files are secured against such attempts.
I get these kind of logs all the time on my server. And, as I am a person who detests hacking and penetration attempts, I usually follow up by reporting these penetration attacks to the Unites States Computer Emergency Response Team at http://www.us-cert.gov . Of course I can appreciate these attacks as merely a person learning to become a "security expert", but they can experiment on their own network, and not on my server.
Usually I run the IP address through the websites listed here http://www.iana.org/numbers .
This gives me the ISP Business Information and the "abuse" email from the hackers ISP . I send them a copy of my logs, the confirmation number from my report to the US-CERT, and a kind note to let them know I'm reporting this incident. For years, this has been nearly 100% effective to stop SPAM by using the IP address from the spam header information.
Also, I also create a specific line of code for my server denying all traffic from that ISP.
On my server I type "deny from xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx" or "deny from "location.location.ru" where "x" or "location.location.ru" is the beginning and ending IP spectrum for that ISP (separated by a space - no Quotes - review your servers documentation about denying or blocking IPs). You can find a ISP Address Spectrum at the top of the ISP information listed on IANA's websites (WHOIS Search).
This will block ALL traffic from that ISP. Careful! As this is a radical move, this procedure can block tens of thousands of potential hits coming from that ISP, but, as for me, I'm in The United States and I serve my pages locally, so traffic from China or Russia means nothing to me. I don't mind blocking half of Hong Kong or Prague on some of my websites.
Good Luck, Hope this info is helpful. Always use good protection :)