Bitlybot Scanning WordPress Admin
September 13th, 2009 | 
Author: I added the Twitter Tools plugin to a few of my websites that has a plugin for the URL shortening service bit.ly. I’m troubled though. When the plugin is active the bitlybot is repeatedly trying to access my admin area using multiple IP addresses, usually right after I have been in the admin area. Is anyone else running a WordPress noticing this? In the interim the bitlybot is banned. Bye bye bitlybot.
IP: 174.129.127.192 September 13 2009 10:24:54
Request: /wp-admin/page.php?action=edit
Code: On our user agent blacklist
Accept: */*
Agent: bitlybot
Comment here or on the Faster-better BBS
No TweetBacks yet. (Be the first to Tweet this post)
Related DougWeb posts:
- WordPress 2.7 Upgrade Anomaly I have no Admin menus and I do not know...
- My Favorite WordPress Plugins In support of Plugin Developer’s Day I list my favorite...
- WordPress Plugin: Psychic Search The Psychic Search plugin from MaxBlogPress is a unique tool...
- PopularWireless WordPress Blog HACKED by Muslim Extremists – Host Network Solutions Our sister blog at popularwireless.com has been hacked, apparently by...
- New SQL Injection Attack Detected at DougWeb The Firewall plugin detected two injection attempts last Friday, April...
- I Guess if I Could Use a Fire Hose I’d Use It The great thing about the new WordPress Firewall plugin by...
- The Network Solutions mySQL Server Has Gone Away – Sigh …or at least slowed down just enough to become a...
- WordPress Automatic Upgrade at Network Solutions Near as I can tell when you use the Network...
- Microsoft Excel vulnerability affects Mac and PC Microsoft has issued a security advisory about an Excel vulnerability...
Related posts brought to you by Yet Another Related Posts Plugin.
Posted in 
Tags: 
Let's unseat Mike Miller in District 27. Join Team Ron Miller. Click here to join us!
Watching this bot closely on two blogs I’ve found that it does not honor robots.txt. It uses the Amazon cloud however the company that is supposed to have had the IP “instance” at that time claims NOT to be bitlybot but rather a well know bot with good intentions. Each time I report the bad bitlybot I get a message back from the other outfit. They hedge and haw and say things like, “Well you didn’t have a robots.txt,” so I put one in. It didn’t matter but they later said, “Well the bot only collects data based on Twitter URL’s it finds.” That’s not true for this bot whatever it is because this bitlybot is looking ONLY at my admin areas by sending http access commands. There’s something fishy here that I don’t exactly understand.
My questions are:
1. Is this the real bitlybot?
2. Is it a hacker or company of hackers attacking a site to find vulnerabilities?
3. What is the motivation for the persistent attempts at access?
Oddly enough I have noticed the SAME attempts from a bot using the name ia_archiver. Attempts to access blog admin areas. There’s no reason to go there ESPECIALLY since the area is PROHIBITED in robots.txt. Is there anyone seeing weird activity like this?