From what we have researched some of them are trying to open sites that either download dodgy programs or in some way try to compromise the site or the viewer.
We have this happen several times a week, not sure if a php script we have installed is somehow compromised and people are exploiting it but here is our site http://www.MyLifestyleSavings.com i am helping build it for someone and they have notified me about the problem and im at a loss.
Thanks in advance for any and all help.
OriginalFundRaisingWidget - Free "Non Commercial" PayPal FundRaising Widget, for Charities, Organizations and Individuals, Hosted Free. Check It Out
First thing is to change all your passwords on the server (including FTP users), making sure you use "strong" passwords for the new ones.
Any directory that does not need to have files written to it by your PHP scripts should have its permissions set so that only the owner (you) has write permission. The corollary is to try to avoid having any sensitive scripts in world-writable directories. (So in other words, make a separate directory for things like file uploads, and leave all your script/include directories read-only for the world.)
Review all your scripts for anywhere that you use user inputs to select files that get included (or worse, executed). If you have control of your PHP settings via php.ini or .htaccess, at the very least turn off allow_url_include, and consider turning off allow_url_fopen if you don't need it.
Review your Apache access logs if you have access to them, and look for things where the URL includes external URLs in the query string, or "../../" type of directory strings trying to move up the directory tree and read something on the server. These may point you toward a script that someone has found a hole in.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation