ShadowIllusion Posted February 24, 2012

I looked at my Apache access.log and got something like this:

200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET /muieblackcat HTTP/1.1" 403 184
200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET //index.php HTTP/1.1" 403 182
200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET //admin/index.php HTTP/1.1" 403 186
200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/pma/index.php HTTP/1.1" 403 192
200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/phpmyadmin/index.php HTTP/1.1" 403 194
200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //db/index.php HTTP/1.1" 403 183
200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //dbadmin/index.php HTTP/1.1" 403 187
200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //myadmin/index.php HTTP/1.1" 403 187
200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //mysql/index.php HTTP/1.1" 403 186
200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //mysqladmin/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //typo3/phpmyadmin/index.php HTTP/1.1" 403 196
200.195.156.242 - - [18/Feb/2012:12:41:01 +0000] "GET //phpadmin/index.php HTTP/1.1" 403 190
200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpMyAdmin/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpmyadmin/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:02 +0000] "GET //phpmyadmin1/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //phpmyadmin2/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //pma/index.php HTTP/1.1" 403 184
200.195.156.242 - - [18/Feb/2012:12:41:03 +0000] "GET //web/phpMyAdmin/index.php HTTP/1.1" 403 195
200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //xampp/phpmyadmin/index.php HTTP/1.1" 403 196
200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //web/index.php HTTP/1.1" 403 184
200.195.156.242 - - [18/Feb/2012:12:41:04 +0000] "GET //php-my-admin/index.php HTTP/1.1" 403 194
200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //websql/index.php HTTP/1.1" 403 186
200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //phpmyadmin/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //phpMyAdmin/index.php HTTP/1.1" 403 193
200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //phpMyAdmin-2/index.php HTTP/1.1" 403 195
200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //php-my-admin/index.php HTTP/1.1" 403 194
200.195.156.242 - - [18/Feb/2012:12:41:06 +0000] "GET //phpMyAdmin-2.2.3/index.php HTTP/1.1" 403 197
200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.2.6/index.php HTTP/1.1" 403 198
200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.5.1/index.php HTTP/1.1" 403 198
200.195.156.242 - - [18/Feb/2012:12:41:07 +0000] "GET //phpMyAdmin-2.5.4/index.php HTTP/1.1" 403 198
200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 403 200
200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 403 201
200.195.156.242 - - [18/Feb/2012:12:41:08 +0000] "GET //phpMyAdmin-2.5.5/index.php HTTP/1.1" 403 198
200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 403 201
200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 403 201
200.195.156.242 - - [18/Feb/2012:12:41:09 +0000] "GET //phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 403 201
200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.6/index.php HTTP/1.1" 403 199
200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.7/index.php HTTP/1.1" 403 199
200.195.156.242 - - [18/Feb/2012:12:41:10 +0000] "GET //phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 403 202

Not only from this one, but there are many other IPs with the same request pattern. How to stop it, and is this safe for Uniserver?
stream Posted February 24, 2012

Use .htaccess and block it:

Deny from 200.195.156.242

and voila. Every day I check the log and add a lot of IPs which are using some bot to scan the server for vulnerabilities and exploits. A well-configured and maintained server is too hard to hack, of course as long as no 0-day exploit is found. I recommend using .htaccess because no one, as far as I know, can pass that type of security.

Another thing is to give access ONLY to IPs which you trust and DENY from all.

Enjoy! I asked before for that type of functionality, which I would appreciate seeing in future releases.
http://forum.uniformserver.com/index.php?s...ic=2293&hl=
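
The daily log check described in the reply above can be scripted. This is an added example, not part of the original posts: it flags clients that were refused on several distinct admin-panel paths within a short time and renders `Deny from` lines for them. The function names, the probe fragment list and the thresholds (5 paths in 60 seconds) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format: host ident user [time] "request" status bytes
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')
# Path fragments seen in the probes posted above (assumed list, extend as needed).
PROBE_RE = re.compile(r'muieblackcat|php-?my-?admin|/pma/|/mysql|/dbadmin|/websql', re.I)

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map each IP refused (4xx) on >= min_paths distinct admin-panel
    paths inside one time window to the largest such path count."""
    hits = defaultdict(list)                 # ip -> [(timestamp, path), ...]
    for line in lines:
        m = LINE_RE.match(line)
        if not (m and m['status'].startswith('4') and PROBE_RE.search(m['path'])):
            continue                         # malformed line, not refused, or not a probe
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        hits[m['ip']].append((ts, m['path']))
    scanners = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):       # slide the window over sorted events
            while events[end][0] - events[start][0] > window:
                start += 1
            paths = {p for _, p in events[start:end + 1]}
            if len(paths) >= min_paths:
                scanners[ip] = max(scanners.get(ip, 0), len(paths))
    return scanners

def deny_rules(scanners):
    """Render Apache 2.2-style .htaccess lines like the one in the reply."""
    return [f'Deny from {ip}' for ip in sorted(scanners)]

# Constructed sample: six posted lines plus two made-up clients (documentation IPs).
SAMPLE = """\
200.195.156.242 - - [18/Feb/2012:12:40:58 +0000] "GET /muieblackcat HTTP/1.1" 403 184
200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/pma/index.php HTTP/1.1" 403 192
200.195.156.242 - - [18/Feb/2012:12:40:59 +0000] "GET //admin/phpmyadmin/index.php HTTP/1.1" 403 194
200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //dbadmin/index.php HTTP/1.1" 403 187
200.195.156.242 - - [18/Feb/2012:12:41:00 +0000] "GET //mysql/index.php HTTP/1.1" 403 186
200.195.156.242 - - [18/Feb/2012:12:41:05 +0000] "GET //websql/index.php HTTP/1.1" 403 186
192.0.2.10 - - [18/Feb/2012:12:42:00 +0000] "GET /index.php HTTP/1.1" 200 5120
198.51.100.7 - - [18/Feb/2012:12:43:00 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 403 193
""".splitlines()

if __name__ == '__main__':
    print('\n'.join(deny_rules(find_scanners(SAMPLE))))
```

The single refused request from 198.51.100.7 stays below the threshold, so only the scanning address ends up in the generated rules.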