Skip to content
Help Center

Hello, Peppa! botnet blocked

Our application firewall blocks attacks carried out by the Hello Peppa botnet. The risk associated with this robot has been neutralized.

Our application firewall has blocked access from a new robot used to attack weak points on many websites.

The robot was discovered on June 16 and is identified by including the following text in its connection data: die ("Hello, Peppa!").

Its goal is to search for backdoors that may have been installed on your website at some point without your knowledge.

During the first month alone, more than 120,000 "Hello, Peppa!" attacks were detected, all targeting port 80.

The URLs most commonly attacked by this robot include:

/7788.php
/8899.php
/9678.php
/conflg.php
/db.init.php
/db__.init.php
/db_session.init.php
/mx.php
/qq.php
/s.php
/sheep.php
/w.php
/wc.php
/wshell.php
/wuwu11.php
/xshell.php
/xw.php
/xx.php

Is my website in danger?

If you are a Bacan client, do not worry. You are protected against this robot by our security layers.