[Wylug-help] logwatch
Roger
roger at roger-beaumont.co.uk
Sun Aug 1 22:30:47 UTC 2010
Hi again,
First, thanks for previous help - I thought I'd said so at the time, but
can't find a record of doing so. I hope I just deleted both the
outgoing and incoming versions...
Anyway, over the last few days someone seems to have been trying hard to
use other means to hack in - logwatch has been reporting (with 401 and
404 errors) such requests as:
404 Not Found
//PHPMYADMIN/config/config.inc.php?p=phpinfo();: 1 Time(s)
//admin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//config/config.inc.php?p=phpinfo();: 1 Time(s)
//dbadmin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//mail/config.inc.php?p=phpinfo();: 1 Time(s)
//myadmin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//mysql/config/config.inc.php?p=phpinfo();: 1 Time(s)
//php-my-admin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//phpMyAdmin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//phpMyAdmin2/config.inc.php?p=phpinfo();: 1 Time(s)
//phpmyadmin/config/config.inc.php?p=phpinfo();: 1 Time(s)
//phpmyadmin2/config.inc.php?p=phpinfo();: 1 Time(s)
//phppgadmin/config.inc.php?p=phpinfo();: 1 Time(s)
//pma/config/config.inc.php?p=phpinfo();: 1 Time(s)
//webmail/config.inc.php?p=phpinfo();: 1 Time(s)
...
/php-my-admin/scripts/setup.php: 5 Time(s)
/php-myadmin/scripts/setup.php: 3 Time(s)
/phpMyA/scripts/setup.php: 1 Time(s)
/phpMyAdmi/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.10.0/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.1/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.10/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.2/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.3/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.4/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.5/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.6/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.7/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.8/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.11.9/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.2.3/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.2.6/scripts/setup.php: 3 Time(s)
/phpMyAdmin-2.3.0/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.3.1/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.3.2/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.3.3/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.3.4/scripts/setup.php: 1 Time(s)
/phpMyAdmin-2.3.5/scripts/setup.php: 1 Time(s)
and so on.
To get to my actual equivalent of any of the above, one needs access to
a level below (or should that be 'above' - anyway, closer to the filing
system's root) than any of the 'DocumentRoot' set for any site in my
Apache config file - hence, of course, the fact that these attempts get
the 404 error.
My question is: is that a sufficient defence, or should I be taking some
more rigorous measures - and if so, what?
As I understand it, connecting to phpMyAdmin requires access from inside
my LAN (I connect using the local name of my server, which is
meaningless over the Internet) - but I've slept, "many times ... many,
many times" since it was set up, so my recollection is hazy!
So far all hacking attempts seem to have failed. Is my confidence
(complacency?) justified, or does someone only need to try a little bit
harder?
Picking up on that 'complacency,' should I be attacking back - reporting
the hacker's (hackers') IP to someone? Maybe I am safe, but can I do
anything useful to bring the wrong-doers to justice?
Thanks in advance,
Roger
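
Added example, not part of the original post: one way to check the raw Apache access log behind a logwatch report like the one above, counting these probes per client and flagging any that did not get an error status. The log format (Apache common/combined), the sample lines and the inclusion of 403 alongside the 401/404 mentioned in the post are assumptions.

```python
import re
from collections import defaultdict

# Assumed Apache common/combined format:
# host ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# The two probe shapes seen in the logwatch report in the post.
PROBE_RE = re.compile(
    r'/scripts/setup\.php$|/config\.inc\.php\?p=phpinfo\(\);?$', re.I)

# Statuses treated as "probe refused" (401/404 from the post; 403 is an assumption).
REFUSED = ("401", "403", "404")

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2010:03:12:01 +0000] "GET //phpmyadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 210
203.0.113.7 - - [01/Aug/2010:03:12:02 +0000] "GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 210
198.51.100.23 - - [01/Aug/2010:04:40:10 +0000] "GET /phpMyAdmin-2.11.9/scripts/setup.php HTTP/1.1" 404 215
198.51.100.23 - - [01/Aug/2010:04:40:11 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 200 4096
192.0.2.50 - - [01/Aug/2010:09:00:00 +0000] "GET /index.html HTTP/1.1" 200 1234
"""

def summarize_probes(lines):
    """Return (probe count per client, probes that were NOT refused)."""
    per_client = defaultdict(int)
    answered = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, _method, path, status = m.groups()
        if not PROBE_RE.search(path):
            continue  # ordinary traffic
        per_client[client] += 1
        if status not in REFUSED:
            # The server served something at a probed path: needs a manual look.
            answered.append((client, path, status))
    return dict(per_client), answered

if __name__ == "__main__":
    counts, answered = summarize_probes(SAMPLE_LOG.splitlines())
    for client, n in sorted(counts.items()):
        print(f"{client}: {n} probe(s)")
    for client, path, status in answered:
        print(f"REVIEW: {client} got {status} for {path}")
```

An empty "REVIEW" list means every probe of these two shapes was refused; any entry names a path the server actually answered.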