January 12, 201214 yr comment_9953 This is why everyone should be concerned about the web server security. There are scripts kiddies messing around all day long and trying to find vulnerabilities in your web server. [Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file[Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin[Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin[Wed Jan 11 19:48:15 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin[Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file[Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpMyAdmin[Wed Jan 11 23:58:21 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpmyadmin[Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/pma[Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/myadmin[Wed Jan 11 23:58:23 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/MyAdmin[Thu Jan 12 13:14:10 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/vhosts[Thu Jan 12 13:14:11 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/ehcp Never doubt it, even when you don't see it on a daily basis, it is happening. This is when your apache rules rule! The rest is taken care by the firewall... <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Report
January 22, 201214 yr Author comment_9992 So what was it they were trying to do?Most of the time you want to attack the weakest spot on a server. Hackers are smart enough to understand that your server is as secure as the weakest vulnerability they can target. They ain't doing anything in specific at that point. They are just trying to map the setup there. If they can find something like phpmyadmin, admin page of any kind or applications that are not secured by default then they already have a target. Brute forcing your admin login (or any login) against a 30GB-40GB passwords database is a good start and simple to implement. Lazy admins tend to believe that running a server is just a matter of setting it and forgetting it. They can't be farther from the truth, you should always keep your eyes in your server's logs. Once you start doing so, you actually start making your server a lot more secure by nature. I'm loving UniServer, honestly. It can't get any simpler. <p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p> Report
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.