Bitlybot Scanning WordPress Admin
I added the Twitter Tools plugin, which has a plugin for the URL shortening service bit.ly, to a few of my websites. I'm troubled, though. When the plugin is active, the bitlybot is repeatedly trying to access my admin area using multiple IP addresses, usually right after I have been in the admin area. Is anyone else running WordPress noticing this? In the interim the bitlybot is banned. Bye bye bitlybot.
IP: 174.129.127.192 September 13 2009 10:24:54
Request: /wp-admin/page.php?action=edit
Code: On our user agent blacklist
Accept: */*
Agent: bitlybot
Watching this bot closely on two blogs, I've found that it does not honor robots.txt. It uses the Amazon cloud; however, the company that is supposed to have had the IP "instance" at that time claims NOT to be bitlybot but rather a well-known bot with good intentions. Each time I report the bad bitlybot I get a message back from the other outfit. They hedge and haw and say things like, "Well you didn't have a robots.txt," so I put one in. It didn't matter, but they later said, "Well the bot only collects data based on Twitter URLs it finds." That's not true for this bot, whatever it is, because this bitlybot is looking ONLY at my admin areas by sending HTTP access commands. There's something fishy here that I don't exactly understand.
My questions are:
1. Is this the real bitlybot?
2. Is it a hacker or company of hackers attacking a site to find vulnerabilities?
3. What is the motivation for the persistent attempts at access?
Oddly enough, I have noticed the SAME attempts from a bot using the name ia_archiver: attempts to access blog admin areas. There's no reason to go there, ESPECIALLY since the area is PROHIBITED in robots.txt. Is there anyone seeing weird activity like this?
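One way to check the robots.txt behaviour described above from your own logs, as an added example that is not part of the original post: it parses entries in the log format quoted earlier and reports which user agents requested paths that robots.txt disallows. The robots.txt content, the second and third log entries, and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed sample: only the first entry is from the post; the rest are made up.
SAMPLE_LOG = """\
IP: 174.129.127.192 September 13 2009 10:24:54
Request: /wp-admin/page.php?action=edit
Code: On our user agent blacklist
Accept: */*
Agent: bitlybot
IP: 192.0.2.10 September 13 2009 10:25:02
Request: /wp-admin/post.php?action=edit
Agent: ia_archiver
IP: 198.51.100.7 September 13 2009 10:26:40
Request: /2009/09/some-post/
Agent: examplebot
"""

# Assumed robots.txt; the post only says the admin area is prohibited.
ROBOTS_TXT = "User-agent: *\nDisallow: /wp-admin/\n"

def parse_entries(text):
    """Split the log into dicts; each 'IP:' line starts a new entry."""
    entries = []
    for line in text.splitlines():
        key, sep, value = line.partition(": ")
        if not sep:
            continue  # skip lines that are not "Key: value"
        if key == "IP":
            ip, _, when = value.partition(" ")
            entries.append({"IP": ip, "Time": when})
        elif entries:
            entries[-1][key] = value
    return entries

def robots_violations(entries, robots_txt):
    """Return {agent: [(ip, path), ...]} for requests robots.txt disallows."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    hits = defaultdict(list)
    for e in entries:
        agent, path = e.get("Agent", "-"), e.get("Request", "/")
        if not rp.can_fetch(agent, path):
            hits[agent].append((e["IP"], path))
    return dict(hits)

if __name__ == "__main__":
    found = robots_violations(parse_entries(SAMPLE_LOG), ROBOTS_TXT)
    for agent, reqs in found.items():
        print(agent, len(reqs), sorted({ip for ip, _ in reqs}))
```

The User-Agent header is set by the client, so a hit here shows what a request claimed to be, not who sent it.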