What is the goal of somebody probing my aws ec2 instance with apache2?

From access.log I found weird visiting pattern. What would be the purpose of this kind of probing?

219.106.219.16 - - [11/Mar/2016:15:00:14 +0200] "HEAD my.aws.ec2.instance:80/1phpmyadmin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:14 +0200] "HEAD my.aws.ec2.instance:80/2phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:14 +0200] "HEAD my.aws.ec2.instance:80/3phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:15 +0200] "HEAD my.aws.ec2.instance:80/4phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:15 +0200] "HEAD my.aws.ec2.instance:80/MyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:15 +0200] "HEAD my.aws.ec2.instance:80/PMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:15 +0200] "HEAD my.aws.ec2.instance:80/PMA2011/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:16 +0200] "HEAD my.aws.ec2.instance:80/PMA2012/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:16 +0200] "HEAD my.aws.ec2.instance:80/PMA2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:16 +0200] "HEAD my.aws.ec2.instance:80/PMA2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:17 +0200] "HEAD my.aws.ec2.instance:80/PMA2015/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:17 +0200] "HEAD my.aws.ec2.instance:80/admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:17 +0200] "HEAD my.aws.ec2.instance:80/admin/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:17 +0200] "HEAD my.aws.ec2.instance:80/admin/pMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:18 +0200] "HEAD my.aws.ec2.instance:80/admin/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:18 +0200] "HEAD my.aws.ec2.instance:80/admin/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:18 +0200] "HEAD my.aws.ec2.instance:80/admin/sqladmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:19 +0200] "HEAD my.aws.ec2.instance:80/admin/sysadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:19 +0200] "HEAD my.aws.ec2.instance:80/admin/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:19 +0200] "HEAD my.aws.ec2.instance:80/administrator/PMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:19 +0200] "HEAD my.aws.ec2.instance:80/administrator/admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:20 +0200] "HEAD my.aws.ec2.instance:80/administrator/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:20 +0200] "HEAD my.aws.ec2.instance:80/administrator/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:20 +0200] "HEAD my.aws.ec2.instance:80/administrator/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:20 +0200] "HEAD my.aws.ec2.instance:80/administrator/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:21 +0200] "HEAD my.aws.ec2.instance:80/administrator/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:21 +0200] "HEAD my.aws.ec2.instance:80/database/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:21 +0200] "HEAD my.aws.ec2.instance:80/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:22 +0200] "HEAD my.aws.ec2.instance:80/db/db-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:22 +0200] "HEAD my.aws.ec2.instance:80/db/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:22 +0200] "HEAD my.aws.ec2.instance:80/db/dbweb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:22 +0200] "HEAD my.aws.ec2.instance:80/db/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:23 +0200] "HEAD my.aws.ec2.instance:80/db/phpMyAdmin-3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:23 +0200] "HEAD my.aws.ec2.instance:80/db/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:23 +0200] "HEAD my.aws.ec2.instance:80/db/phpMyAdmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:24 +0200] "HEAD my.aws.ec2.instance:80/db/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:24 +0200] "HEAD my.aws.ec2.instance:80/db/phpmyadmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:24 +0200] "HEAD my.aws.ec2.instance:80/db/webadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:24 +0200] "HEAD my.aws.ec2.instance:80/db/webdb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:25 +0200] "HEAD my.aws.ec2.instance:80/db/websql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:25 +0200] "HEAD my.aws.ec2.instance:80/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:25 +0200] "HEAD my.aws.ec2.instance:80/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:26 +0200] "HEAD my.aws.ec2.instance:80/myadminphp/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:26 +0200] "HEAD my.aws.ec2.instance:80/mysql-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:26 +0200] "HEAD my.aws.ec2.instance:80/mysql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:26 +0200] "HEAD my.aws.ec2.instance:80/mysql/admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:27 +0200] "HEAD my.aws.ec2.instance:80/mysql/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:27 +0200] "HEAD my.aws.ec2.instance:80/mysql/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:27 +0200] "HEAD my.aws.ec2.instance:80/mysql/mysqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:27 +0200] "HEAD my.aws.ec2.instance:80/mysql/pMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:28 +0200] "HEAD my.aws.ec2.instance:80/mysql/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:28 +0200] "HEAD my.aws.ec2.instance:80/mysql/sqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:28 +0200] "HEAD my.aws.ec2.instance:80/mysql/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:29 +0200] "HEAD my.aws.ec2.instance:80/mysqladmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:29 +0200] "HEAD my.aws.ec2.instance:80/mysqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:29 +0200] "HEAD my.aws.ec2.instance:80/php-my-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:29 +0200] "HEAD my.aws.ec2.instance:80/php-myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:30 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin-2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:30 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin-3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:30 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin-4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:31 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:31 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:31 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:31 +0200] "HEAD my.aws.ec2.instance:80/phpMyAdmin4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:32 +0200] "HEAD my.aws.ec2.instance:80/phpMyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:32 +0200] "HEAD my.aws.ec2.instance:80/phpmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:32 +0200] "HEAD my.aws.ec2.instance:80/phpmy-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:32 +0200] "HEAD my.aws.ec2.instance:80/phpmy/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:33 +0200] "HEAD my.aws.ec2.instance:80/phpmyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:33 +0200] "HEAD my.aws.ec2.instance:80/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:33 +0200] "HEAD my.aws.ec2.instance:80/phpmyadmin1/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:34 +0200] "HEAD my.aws.ec2.instance:80/phpmyadmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:34 +0200] "HEAD my.aws.ec2.instance:80/phpmyadmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:34 +0200] "HEAD my.aws.ec2.instance:80/phpmyadmin4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:34 +0200] "HEAD my.aws.ec2.instance:80/phppma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:35 +0200] "HEAD my.aws.ec2.instance:80/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:35 +0200] "HEAD my.aws.ec2.instance:80/pma2011/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:35 +0200] "HEAD my.aws.ec2.instance:80/pma2012/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:36 +0200] "HEAD my.aws.ec2.instance:80/pma2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:36 +0200] "HEAD my.aws.ec2.instance:80/pma2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:36 +0200] "HEAD my.aws.ec2.instance:80/pma2015/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:36 +0200] "HEAD my.aws.ec2.instance:80/program/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:37 +0200] "HEAD my.aws.ec2.instance:80/shopdb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:37 +0200] "HEAD my.aws.ec2.instance:80/sql/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:37 +0200] "HEAD my.aws.ec2.instance:80/sql/php-myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:38 +0200] "HEAD my.aws.ec2.instance:80/sql/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:38 +0200] "HEAD my.aws.ec2.instance:80/sql/phpMyAdmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:38 +0200] "HEAD my.aws.ec2.instance:80/sql/phpMyAdmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:38 +0200] "HEAD my.aws.ec2.instance:80/sql/phpMyAdmin4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:39 +0200] "HEAD my.aws.ec2.instance:80/sql/phpmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:39 +0200] "HEAD my.aws.ec2.instance:80/sql/phpmy-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:39 +0200] "HEAD my.aws.ec2.instance:80/sql/phpmyadmin2/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:39 +0200] "HEAD my.aws.ec2.instance:80/sql/phpmyadmin3/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:40 +0200] "HEAD my.aws.ec2.instance:80/sql/phpmyadmin4/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:40 +0200] "HEAD my.aws.ec2.instance:80/sql/sql-admin/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:40 +0200] "HEAD my.aws.ec2.instance:80/sql/sql/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:41 +0200] "HEAD my.aws.ec2.instance:80/sql/sqladmin/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:41 +0200] "HEAD my.aws.ec2.instance:80/sql/sqlweb/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:41 +0200] "HEAD my.aws.ec2.instance:80/sql/webadmin/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:41 +0200] "HEAD my.aws.ec2.instance:80/sql/webdb/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 Jorgee"
219.106.219.16 - - [11/Mar/2016:15:00:42 +0200] "HEAD my.aws.ec2.instance:80/sql/websql/ HTTP/1.1" 404 158 "-" "Mozilla/5.0 Jorgee"

Answers


Any web server on the public internet will see this sort of traffic.

Automated bots crawl all possible IP addresses looking for vulnerable versions of common software (including but hardly limited to phpMyAdmin, WordPress, Drupal, IIS exploits, etc.).


If you use apache2 just include following line into your .htaccess file:

<IfModule mod_rewrite.c>
  RewriteEngine on

  RewriteCond %{HTTP_USER_AGENT} ^(.*)Jorgee$
  RewriteRule .* - [F]
</IfModule>

So the bot will receive a 403 error and the request is not forwarded to your php application (which probably would open a database connection to respond with a 404 error)


Need Your Help

flot: Could not draw pie with labels contained inside canvas

javascript charts flot

I'm trying to do a bit of charting and came across this weird error message. Here is an example of what works:

Bash script to start logstash java script

java shell amazon-web-services boot logstash

I'm using AWS EC2 and a custom script that needs to run: