Another security problem..

Jim Popovitch jimpop at yahoo.com
Thu Oct 20 16:58:59 UTC 2005


Another?  Heck, that's old stuff from quite some time (Internet time) 
ago.  If I had a nickel for every invalid file access attempt..... ;-)

-Jim P.

James Kosin wrote:
> Everyone,
> 
> On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
> accessed my web-server trying to access a file called
> main.php in the following places:
> 194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET
> /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php
> HTTP/1.0" 404 297 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php
> HTTP/1.0" 404 299 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php
> HTTP/1.0" 404 299 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php
> HTTP/1.0" 404 296 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php
> HTTP/1.0" 404 301 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
> /web/phpMyAdmin/main.php HTTP/1.0" 404 308 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
> /admin/pma/main.php HTTP/1.0" 404 303 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /admin/phpmyadmin/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /admin/mysql/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
> /phpmyadmin2/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /mysqladmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /main.php
> HTTP/1.0" 404 293 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
> /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
> /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
> /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
> 
> Of course, this attack fell on deaf ears on my server....  but, I'd
> like everyone to know since this is a security risk if they do have a
> PHP document configuring some of these administrative tasks open on
> the internet.
> 
> Thanks,
> James Kosin
> 
> --
> James Kosin
> 
> International Communications Group, Inc.
> 230 Pickett's Line
> Newport News, VA  23603-1366
> - United States of America -
> 
> Phone: 1(757)947-1030 ext. 122
> Fax  : 1(757)947-1035
> 
> --
> GPG Fingerprint: 28E9 6487 34B2 18DD 6468 F091 8CD9 2038 DEB0 0590
> GPG Key ID:     0xDEB00590
> 

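A way to surface this kind of probe automatically from an Apache access log, added here as an example and not part of either message in the thread: it flags any client that requests many distinct missing paths in a short window, whatever User-Agent it sends. The function name, the thresholds and the two `192.0.2.10` lines are assumptions made for the example; the other sample lines are taken from the log quoted above, with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, one request per line (unwrapped).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Flag clients that request >= min_paths distinct missing (404) paths
    inside one sliding time window. Thresholds are assumptions to tune."""
    misses = defaultdict(list)  # ip -> [(time, path, user agent)]
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["status"] == "404":
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            misses[m["ip"]].append((ts, m["path"], m["agent"]))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort(key=lambda h: h[0])
        start = 0
        for end in range(len(hits)):
            # Shrink the window from the left until it spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p, _ in hits[start:end + 1]}) >= min_paths:
                flagged[ip] = {"paths": sorted({p for _, p, _ in hits}),
                               "agents": sorted({a for _, _, a in hits})}
                break
    return flagged

SAMPLE = [
    # From the log quoted in the thread (line wrapping undone).
    '194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"',
    '194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php HTTP/1.0" 404 297 "-" "pmafind"',
    '194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php HTTP/1.0" 404 299 "-" "pmafind"',
    '194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php HTTP/1.0" 404 299 "-" "pmafind"',
    '194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php HTTP/1.0" 404 296 "-" "pmafind"',
    '194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php HTTP/1.0" 404 301 "-" "pmafind"',
    # Constructed for this example: an ordinary visitor with a single 404.
    '192.0.2.10 - - [19/Oct/2005:13:02:10 -0400] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [19/Oct/2005:13:02:11 -0400] "GET /favicon.ico HTTP/1.1" 404 290 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE).items():
        print(ip, info["agents"], len(info["paths"]), "distinct missing paths")
```

Keying on the 404 burst rather than on the "pmafind" string keeps the check useful when the same sweep arrives under a different User-Agent.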



More information about the fedora-legacy-list mailing list