Part of running an actual server (as opposed to shared web hosting) is actually being concerned about security. I regularly keep an eye on my access logs and the like, and I don’t usually find that much to worry about — I just keep iptables, and a few other tools, within reach.
But this particular user-agent string show up in visits from time to time (bots, I’m guessing)… what the hell is Firefox Miami Style?
An example:
37.9.53.64 - - [26/Dec/2013:13:34:39 -0500] "POST /wp-login.php/wp-login.php HTTP/1.1" 200 10956 "writegeek.com/wp-login.php/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0 USA\\Miami Style"
Trying to POST to a nonexistent URL? That’s classic Miami style, if I’ve ever seen it.
I am currently running a website for a neighborhood and I too noticed many failed attempts to access the admin section of the site…
Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20100101 Firefox/21.0 USA\Miami Style
Not sure what it is yet but I’m looking.
Thank you for the response, Joe. I’m eager to hear what you’re able to find.
Just encountered this one myself, same as Joe described last year — attempting brute force password-guessing to login as Admin/Administrator/etc.