Knowledgebase

Knowledgebase

Portal Home > Knowledgebase > Articles Database > is this something to be concerned with?


is this something to be concerned with?




Posted by russ71, 09-15-2010, 03:07 PM
This activity was found in my access_log 217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:36:56 -0500] "GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:57 -0500] "GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:36:58 -0500] "GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 589 217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:36:59 -0500] "GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 589 217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:37:00 -0500] "GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 585 217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 585 217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 585 217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 585 217.150.252.183 - - [12/Sep/2010:16:37:01 -0500] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 587 217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 583 217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 404 577 217.150.252.183 - - [12/Sep/2010:16:37:02 -0500] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 404 579 217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /p/m/a/scripts/setup.php HTTP/1.1" 404 572 217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /PMA2005/scripts/setup.php HTTP/1.1" 404 574 217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /pma2005/scripts/setup.php HTTP/1.1" 404 574 217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /phpmanager/scripts/setup.php HTTP/1.1" 404 577 217.150.252.183 - - [12/Sep/2010:16:37:03 -0500] "GET /php-myadmin/scripts/setup.php HTTP/1.1" 404 578 217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /phpmy-admin/scripts/setup.php HTTP/1.1" 404 578 217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /webadmin/scripts/setup.php HTTP/1.1" 404 575 217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 573 217.150.252.183 - - [12/Sep/2010:16:37:04 -0500] "GET /websql/scripts/setup.php HTTP/1.1" 404 573 217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /webdb/scripts/setup.php HTTP/1.1" 404 572 217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 577 217.150.252.183 - - [12/Sep/2010:16:37:05 -0500] "GET /mysql-admin/scripts/setup.php HTTP/1.1" 404 578 58.218.204.110 - - [12/Sep/2010:17:12:05 -0500] "GET http://www.365track.com/proxyheader.php HTTP/1.1" 404 603 92.240.68.153 - - [13/Sep/2010:05:03:10 -0500] "GET http://www.usatourist.com/photos/tips/train1b.jpg HTTP/1.1" 404 557 58.218.204.110 - - [13/Sep/2010:05:44:51 -0500] "GET http://218.10.111.119/check.php HTTP/1.1" 404 595 58.218.204.110 - - [13/Sep/2010:08:55:15 -0500] "GET http://seekerfeed.com/proxyheader.php HTTP/1.1" 404 601 184.154.10.254 - - [13/Sep/2010:13:15:36 -0500] "GET /" 404 - 58.218.204.110 - - [14/Sep/2010:00:23:13 -0500] "GET http://125.45.109.166/proxyheader.php HTTP/1.1" 404 601 58.218.204.110 - - [14/Sep/2010:09:50:05 -0500] "GET http://www.bankjia.com/ip.php HTTP/1.1" 404 593 58.218.204.110 - - [14/Sep/2010:12:59:06 -0500] "GET http://216.245.205.74/proxy.php HTTP/1.1" 404 595
Posted by hostyourspace123, 09-15-2010, 03:10 PM
Hello, Any reverts on this?
Posted by russ71, 09-15-2010, 03:15 PM
Im sorry, what do you mean by reverts? Im pretty green with this stuff.
Posted by drspliff, 09-15-2010, 03:26 PM
It's automated scanning for vulnerable versions of phpMyAdmin. I wouldn't be at all concerned - unless you have phpMyAdmin in a default location which is publicly reachable.
Posted by russ71, 09-15-2010, 03:28 PM
thanks ..
Posted by matt2kjones, 09-15-2010, 06:39 PM
Yeah these kind of attacks are common... however, if you get simular/obvious attacks then you can setup scripts on your logs to ban the ip's from your server. I generally do this for any brute force / vuln scanning scripts such as these... just incase.
Posted by p1net, 09-15-2010, 07:14 PM
Also some good mod_security rule-sets can help weed out some of those automated bot scans.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Turn key WHM/Cpanel or H-sphere? Confusion... (Views: 558)
Want to try my SSH user name and password can someone assist? (Views: 549)
email outage, what can I do? (Views: 574)
Anyone heard of these guys? (Views: 613)
[abrt] a crash has been detected again (Views: 568)


Language:

Contact us

Copyright © 2018 DC International LLC. - All Rights Reserved.