I always watch my server logs for any suspicious behavior. And as usual, at least several times an hour, I see some poor ignorant script-kiddie poking at me trying to find some way to exploit my cluster. In this instance the attacker was looking for an installation of phpMyAdmin, a popular open source MySQL database management tool, in the hopes of being able to inject some malicious code allowing them unauthorized access to my servers. This attacker's IP address resolves to Moscow, Russia.
You can see they tried the usual installation locations.
It goes without saying, but I'll say it anyway, that I installed phpMyAdmin at my own secret URL.
No Luck Sucka!
62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpmyadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpMyAdmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /PMA/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /pma/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /dbadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /mysql/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /myadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:25 -0600] "GET /phpmyadmin2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:25 -0600] "GET /phpMyAdmin2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /phpMyAdmin-2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /php-my-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /sqlmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /mysqlmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /p/m/a/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /PMA2005/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /pma2005/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /phpmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /php-myadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /phpmy-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /webadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /sqlweb/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:30 -0600] "GET /websql/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:30 -0600] "GET /webdb/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /mysqladmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /mysql-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /Tools/phpMyAdmin/index.php HTTP/1.1" 302 234 "-" "-"
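A sweep like the one in this log can be flagged automatically. The following Python sketch is an added example, not part of the original post: it parses lines in the layout shown above and reports any IP that requests several distinct admin-panel-style paths within a short window. The field layout, the 5-path/60-second thresholds and the benign sample line are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout assumed from the log lines in this post:
# ip vhost - [timestamp] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$')
# Directory-name fragments taken from the probes in this post (case-insensitive).
ADMIN_HINT = re.compile(
    r'php-?my-?admin|pma|p/m/a|sql|dbadmin|webdb|webadmin|myadmin|phpmanager', re.I)

def parse(line):
    """Parse one access-log line; return None when it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_scanners(lines, min_paths=5, window=timedelta(seconds=60)):
    """Map each IP that requested >= min_paths distinct admin-like paths
    inside one sliding window to the sorted list of paths it probed."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        # Match on the path only: these probes got 302, so a 404 filter misses them.
        if ADMIN_HINT.search(rec["path"]):
            hits[rec["ip"]].append((rec["ts"], rec["path"]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# Rebuilds the first six log lines of this post, then adds one constructed benign line.
PROBE = ('62.117.85.164 zsource.com - [16/Nov/2009:20:07:2%d -0600] '
         '"GET /%s/index.php HTTP/1.1" 302 234 "-" "-"')
SAMPLE = [PROBE % (2 + i // 2, d) for i, d in enumerate(
    ["phpmyadmin", "phpMyAdmin", "PMA", "pma", "dbadmin", "mysql"])]
SAMPLE.append('203.0.113.7 zsource.com - [16/Nov/2009:20:08:01 -0600] '
              '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')  # constructed
if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```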
Tom McGuire is a web designer, developer and educator specializing in learning everything there is to learn about everything. He also firmly believes in “Touch, not Tech.” He co-runs a boutique-style digital media company called Visual Moxie and he spends a lot of his time thinking about and sharing his knowledge of the internet, information philosophy and web design and development.