Hi. Just looking through my logs for 404 pages I could either replace or redirect, and found this…
Any idea why someone would check to see if that file was on my server? I’ve never installed vbulletin?
If it was a single hit it could just be someone trying to find out what CMS you used to build a website (perhaps their trying to make a similar website and looking for what’s behind the design - we get those sorts of questions around here regularly), with people removing the details of the CMS used some people cleverly check for files which they can verify against (as CMS’s use certain naming conventions for system-wide files). I’m not sure a hacker would check against CSS files (in preference to examining scripts or firing known exploits at the server) as it doesn’t really give you much in the way of clues as to whether their running an affected version.
Sounds like a hacker looking for websites with vbulletin to hack them. By looking if that file exists they know if you have vbulletin, and if you do they could try to hack it.
Like was said it’s likely to be an automated malicious robot sent to do its master’s bidding (rather than an actual person). You’ll generally see tonnes of requests within the Server Logs for none existent paths and files (looking for well-known vulnerabilities) on sites with good visibility.
They tried /clientscript/vbulletin_important.css as well.