Page not found report from other domain?

[modulok30]

A 'page not found' error was encountered on the www.wantsfly.com domain

DETAILS:
----------------------------------------------------------------------
When: Tue Feb 23 2010 3:23:57 pm EST
Who: 61.183.15.9
Failed Page: http://www.wantsfly.comhttp://www.wantsfly.com/prx2.php

I keep getting these notices, my domain is not wantsfly.com, I do not understand why I keep getting this.

[internet54]

Where are you getting these notices and how are they caused?
What actions are you doing to cause the error?

Are you hosted on the same server?

[ccagle8]

looks like it is trying to steal data or soemthing... take a look (or maybe dont look, i did it...) at http://ww w.wantsfly.com/prx2.php

Edit: take a look here: http://www.webmasterworld.com/apache/3616772.htm

[modulok30]

I figured it was some type of hacker. Strange thing is that it wasn't even using my domain.

I have seen others that are looking at non-existent files/folders on my server. One noticeable one was setup.php within the phpmyadmin folder (which isnt setup...YET).

[n00dles101]

Looks like a proxy server or a translation service esp if its from china

[n00dles101]

Ignore thay last comment. Looks like a well known vuln scanner. Do a search for prx2.php in google. This guy is well known...

[modulok30]

so what can be done? can I set a deny object in the .htaccess file to deny other countries besides the USA? I could input the IP of each failed attempt, but that would get annoying.

[internet54]

Have your host add a deny to it's ip_tables file.
Give them the domain name and ip address of the attacking site.

[modulok30]

For now, I added the few IPs that I 'caught' into the firewall (iptables) of my NAS.

I found this site that might work for blocking whole countries.
http://ipinfodb.com/ip_country_block.php

If I continue to get these hack attempts I will add all of those IP ranges.