Portal Home > Knowledgebase > Articles Database > is this something to be concerned with?
is this something to be concerned with?
Posted by russ71, 09-15-2010, 03:07 PM |
This activity was found in my access_log
217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 589
217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 589
217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 585
217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 585
217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 585
217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 585
217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 587
217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 583
217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 577
217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 579
217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 572
217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 574
217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 574
217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 577
217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 578
217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 578
217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 575
217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 573
217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /websql/scripts/setup.php HTTP/1.1" 404 573
217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /webdb/scripts/setup.php HTTP/1.1" 404 572
217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 577
217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 578
58.218.204.110 - - [12/Sep/2010:17:12:05 -0500] "GET http://www.365track.com/proxyheader.php HTTP/1.1" 404 603
92.240.68.153 - - [13/Sep/2010:05:03:10 -0500] "GET http://www.usatourist.com/photos/tips/train1b.jpg HTTP/1.1" 404 557
58.218.204.110 - - [13/Sep/2010:05:44:51 -0500] "GET http://218.10.111.119/check.php HTTP/1.1" 404 595
58.218.204.110 - - [13/Sep/2010:08:55:15 -0500] "GET http://seekerfeed.com/proxyheader.php HTTP/1.1" 404 601
184.154.10.254 - - [13/Sep/2010:13:15:36 -0500] "GET /" 404 -
58.218.204.110 - - [14/Sep/2010:00:23:13 -0500] "GET http://125.45.109.166/proxyheader.php HTTP/1.1" 404 601
58.218.204.110 - - [14/Sep/2010:09:50:05 -0500] "GET http://www.bankjia.com/ip.php HTTP/1.1" 404 593
58.218.204.110 - - [14/Sep/2010:12:59:06 -0500] "GET http://216.245.205.74/proxy.php HTTP/1.1" 404 595
|
Posted by hostyourspace123, 09-15-2010, 03:10 PM |
Hello,
Any reverts on this?
|
Posted by russ71, 09-15-2010, 03:15 PM |
Im sorry, what do you mean by reverts?
Im pretty green with this stuff.
|
Posted by drspliff, 09-15-2010, 03:26 PM |
It's automated scanning for vulnerable versions of phpMyAdmin.
I wouldn't be at all concerned - unless you have phpMyAdmin in a default location which is publicly reachable.
|
Posted by russ71, 09-15-2010, 03:28 PM |
thanks ..
|
Posted by matt2kjones, 09-15-2010, 06:39 PM |
Yeah these kind of attacks are common... however, if you get simular/obvious attacks then you can setup scripts on your logs to ban the ip's from your server.
I generally do this for any brute force / vuln scanning scripts such as these... just incase.
|
Posted by p1net, 09-15-2010, 07:14 PM |
Also some good mod_security rule-sets can help weed out some of those automated bot scans.
|
Add to Favourites Print this Article
Also Read