The Uniform Server Community
jayuk20

Are these hack attempts?


First of all I am a tad confused: I have two Apache logs, which are www.my-domain.com-access.log and access.log. The access log for my domain has the odd bot connecting to it, but access.log has loads of IPs, mainly from Russia & China and a few from the USA, with things like...

 

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:16 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:18 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 198

98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 198

98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 199

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 198

61.51.18.235 - - [02/May/2012:11:02:34 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 186

31.31.200.75 - - [02/May/2012:16:23:27 +0100] "HEAD / HTTP/1.0" 200 -

 

I guess they are looking for particular versions of phpMyAdmin so they can exploit a security hole. Also, how come both access logs are being used, and is there an htaccess code I can add to block entire IP ranges? It would be good to have a custom redirect too.


Supposedly this is an IP from Delafield, WI, US. I've seen the same script run against my server. I've banned the IP from accessing my servers.

 

You should be fine though... They are looking for phpMyAdmin; that's why you always want to keep it inaccessible from the outside. You can VPN into your network and work in phpMyAdmin if necessary, or just work with it locally.

 

Get used to it. These scripts are more common than you may think, even though you certainly want to block repeated offenders if possible.


access.log catches all the non-domain-specific traffic.

 

I believe it may be possible to restrict access to just your domain-specific account, but I'd have to work out how to block the rest of the traffic. I don't know if using a .htaccess file is sufficient, since it would use the IP address.

 

Someone else may know more about how to do this than I. In the meantime, you'll just have to deal with all that toxic traffic.

 

Regards,

BobS
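
To pick the repeated offenders out of a log like the one quoted in the question, the following added example (not part of the original thread) flags any client that requests several differently named phpMyAdmin directories, all answered with 404, within a short time. The function name `find_scanners` and the thresholds (5 paths in 60 seconds) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache common log format, as in the lines quoted in the question.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$')
# Versioned directory guesses such as /phpMyAdmin-2.5.7-pl1/
PROBE_RE = re.compile(r'^/phpmyadmin[-\w.]*/', re.IGNORECASE)

# Log lines copied from the question above.
SAMPLE = [
    '98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 194',
    '98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 195',
    '98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 194',
    '98.100.186.95 - - [01/May/2012:22:00:16 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 194',
    '98.100.186.95 - - [01/May/2012:22:00:18 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 198',
    '98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 198',
    '61.51.18.235 - - [02/May/2012:11:02:34 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 186',
    '31.31.200.75 - - [02/May/2012:16:23:27 +0100] "HEAD / HTTP/1.0" 200 -',
]

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Return {ip: number of distinct probe paths} for clients that got 404s
    on at least min_paths different phpMyAdmin-style paths inside one window."""
    hits = defaultdict(list)  # ip -> [(timestamp, path), ...]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["status"] != "404" or not PROBE_RE.match(m["path"]):
            continue  # unparsable line, non-404 response, or unrelated URL
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, m["path"]))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the start forward until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = len({p for _, p in events})
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

The single 404 for `/user/soapCaller.bs` and the `HEAD /` request are not flagged, because neither matches the phpMyAdmin path pattern.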
