Another security problem..

James Kosin jkosin at beta.intcomgrp.com
Thu Oct 20 15:57:47 UTC 2005


Everyone,

On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
accessed my web-server trying to access a file called
main.php in the following places:
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php HTTP/1.0" 404 297 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php HTTP/1.0" 404 296 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php HTTP/1.0" 404 301 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 308 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/pma/main.php HTTP/1.0" 404 303 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /admin/mysql/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /phpmyadmin2/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /mysqladmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /main.php HTTP/1.0" 404 293 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 310 "-" "pmafind"

Of course, this attack fell on deaf ears on my server... but I'd
like everyone to know, since this is a security risk if they do have a
PHP document configuring some of these administrative tasks open on
the internet.

Thanks,
James Kosin

--
James Kosin

International Communications Group, Inc.
230 Pickett's Line
Newport News, VA  23603-1366
- United States of America -

Phone: 1(757)947-1030 ext. 122
Fax  : 1(757)947-1035

--
GPG Fingerprint: 28E9 6487 34B2 18DD 6468 F091 8CD9 2038 DEB0 0590
GPG Key ID:     0xDEB00590

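The pattern reported in the message above (one client requesting the same file name under many guessed directories within a few seconds, every request answered 404) can be picked out of an access log automatically. The Python below is an added example, not part of the original post; the function name `find_probes`, its thresholds and the sample lines (documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from posixpath import basename

# Apache "combined" log format, the format of the lines quoted in the message.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_probes(lines, min_dirs=5, window=timedelta(seconds=60)):
    """Return {(ip, user_agent, filename): [paths]} for clients that received
    404s for one filename under >= min_dirs distinct paths within `window`."""
    hits = defaultdict(list)              # (ip, ua, filename) -> [(time, path)]
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "404":
            continue                      # skip unparsable lines and non-404s
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore any query string
        hits[(m["ip"], m["ua"], basename(path))].append((ts, path))
    flagged = {}
    for key, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):    # sliding time window over the events
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_dirs:
                flagged[key] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample input (documentation addresses, not the real log).
SAMPLE = [
    f'192.0.2.10 - - [19/Oct/2005:13:01:5{i} -0400] "GET /{d}/main.php HTTP/1.0" 404 300 "-" "pmafind"'
    for i, d in enumerate(["phpmyadmin", "PMA", "mysql", "admin", "db", "dbadmin"])
] + [
    '198.51.100.7 - - [19/Oct/2005:13:02:10 -0400] "GET /favicon.ico HTTP/1.1" 404 290 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Oct/2005:13:02:11 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, ua, name), paths in find_probes(SAMPLE).items():
        print(f"{ip} ua={ua!r} probed {len(paths)} locations for {name}")
```

Grouping by file name rather than by user agent keeps the check useful when a scanner does not announce itself with a distinctive agent string.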




More information about the fedora-list mailing list