Jump to content
The Uniform Server Community

Uniserver Security


ShadowIllusion
 Share

Recommended Posts

I saw my apache access.log and got something like this:

 

200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET /muieblackcat HTTP/1.1" 403 184

200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET //index.php HTTP/1.1" 403 182

200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET //admin/index.php HTTP/1.1" 403 186

200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/pma/index.php HTTP/1.1" 403 192

200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/phpmyadmin/index.php HTTP/1.1" 403 194

200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //db/index.php HTTP/1.1" 403 183

200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //dbadmin/index.php HTTP/1.1" 403 187

200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //myadmin/index.php HTTP/1.1" 403 187

200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //mysql/index.php HTTP/1.1" 403 186

200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //mysqladmin/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //typo3/phpmyadmin/index.php HTTP/1.1" 403 196

200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //phpadmin/index.php HTTP/1.1" 403 190

200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpMyAdmin/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpmyadmin/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpmyadmin1/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //phpmyadmin2/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //pma/index.php HTTP/1.1" 403 184

200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //web/phpMyAdmin/index.php HTTP/1.1" 403 195

200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //xampp/phpmyadmin/index.php HTTP/1.1" 403 196

200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //web/index.php HTTP/1.1" 403 184

200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //php-my-admin/index.php HTTP/1.1" 403 194

200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //websql/index.php HTTP/1.1" 403 186

200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //phpmyadmin/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //phpMyAdmin/index.php HTTP/1.1" 403 193

200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //phpMyAdmin-2/index.php HTTP/1.1" 403 195

200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //php-my-admin/index.php HTTP/1.1" 403 194

200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //phpMyAdmin-2.2.3/index.php HTTP/1.1" 403 197

200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.2.6/index.php HTTP/1.1" 403 198

200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.5.1/index.php HTTP/1.1" 403 198

200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.5.4/index.php HTTP/1.1" 403 198

200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 403 200

200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 403 201

200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5/index.php HTTP/1.1" 403 198

200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 403 201

200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 403 201

200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 403 201

200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.6/index.php HTTP/1.1" 403 199

200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.7/index.php HTTP/1.1" 403 199

200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 403 202

 

Not only from this, but there's many other IP with the same request pattern. How to stop it, and is this safe for Uniserver?

Link to comment
Share on other sites

Use .htaccess and block it

Deny from 200.195.156.242

and voila.

Everyday I make LOG check and put a lot of IP's which are using some bot to scan the server for vulnerabilities and exploits. Good configured and maintained server is too hard to hack of course if 0-day exploit was not found.

I reccomend using .htaccess because no one as I know can pass that type of security :blink:

Another thing is to gain access ONLY to IP's on which you trust and DENY from all :)

Enjoy!

 

I ask before for that type of functionality which I'll appreciate to see in future releases.

http://forum.uniformserver.com/index.php?s...ic=2293&hl=

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...