
Why it’s important to use your own paths

I always watch my server logs for any suspicious behavior. And as usual, at least several times an hour, I see some poor ignorant script-kiddie poking at me trying to find some way to exploit my cluster. In this instance the attacker was looking for an installation of phpMyAdmin, a popular open source MySQL database management tool, in the hopes of being able to inject some malicious code allowing them unauthorized access to my servers. This attacker's IP address resolves to Moscow, Russia.

You can see they tried the usual installation locations.

It goes without saying, but I’ll say it anyway, that I installed phpMyAdmin at my own secret URL.

No Luck Sucka!

62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpmyadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpMyAdmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /PMA/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /pma/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /dbadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /mysql/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /myadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:25 -0600] "GET /phpmyadmin2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:25 -0600] "GET /phpMyAdmin2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /phpMyAdmin-2/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /php-my-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:26 -0600] "GET /sqlmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /mysqlmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /p/m/a/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:27 -0600] "GET /PMA2005/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /pma2005/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /phpmanager/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:28 -0600] "GET /php-myadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /phpmy-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /webadmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:29 -0600] "GET /sqlweb/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:30 -0600] "GET /websql/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:30 -0600] "GET /webdb/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /mysqladmin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /mysql-admin/index.php HTTP/1.1" 302 234 "-" "-"
62.117.85.164 zsource.com - [16/Nov/2009:20:07:31 -0600] "GET /Tools/phpMyAdmin/index.php HTTP/1.1" 302 234 "-" "-"
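
One way to automate spotting this kind of probing, as an added example that is not the author's own tooling: it parses the log layout shown above and flags any client that gets non-2xx answers on several distinct paths inside a short window. The function names, the 60-second window and the five-path threshold are assumptions, and the last two sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Layout of the log lines above: ip vhost - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # not in the expected layout; skip it
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_path_scanners(lines, window=timedelta(seconds=60), min_paths=5):
    """Map ip -> sorted paths for clients that got a non-2xx answer on at
    least min_paths distinct paths inside one sliding window."""
    misses = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec and not 200 <= rec[3] < 300:
            misses[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, hits in misses.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` of wall time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            paths = {p for _, p in hits[start:end + 1]}
            if len(paths) >= min_paths:
                flagged[ip] = sorted(paths)
                break
    return flagged

SAMPLE = [
    # First five entries are copied from the log above.
    '62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpmyadmin/index.php HTTP/1.1" 302 234 "-" "-"',
    '62.117.85.164 zsource.com - [16/Nov/2009:20:07:22 -0600] "GET /phpMyAdmin/index.php HTTP/1.1" 302 234 "-" "-"',
    '62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /PMA/index.php HTTP/1.1" 302 234 "-" "-"',
    '62.117.85.164 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /pma/index.php HTTP/1.1" 302 234 "-" "-"',
    '62.117.85.164 zsource.com - [16/Nov/2009:20:07:24 -0600] "GET /dbadmin/index.php HTTP/1.1" 302 234 "-" "-"',
    # Constructed benign traffic; 192.0.2.10 is a documentation address.
    '192.0.2.10 zsource.com - [16/Nov/2009:20:07:23 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 zsource.com - [16/Nov/2009:20:07:40 -0600] "GET /old-page HTTP/1.1" 302 234 "-" "Mozilla/5.0"',
]
```

The threshold and window need tuning against real traffic, since crawlers and broken links also produce runs of redirects and 404s.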
 
