1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

First Test for an Exploit Attempt on my Server

Discussion in 'Off Topic' started by Lawrence, May 13, 2011.

  1. Lawrence

    Lawrence Well-Known Member

    I feel honored:

    Code:
    [Thu May 12 16:22:25 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/MyAdmin
    [Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/myadmin
    [Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/pma
    [Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpmyadmin
    [Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpMyAdmin
    [Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/w00tw00t.at.blackhats.romanian.anti-sec:)
    Notice the time frame, and notice the use of caps when one attempt to find a file failed. Definitely a bot. IIRC, isn't the exploit they are looking for an old one?
     
  2. Brogan

    Brogan XenForo Moderator Staff Member

    :LOL: at the last entry
     
  3. MGSteve

    MGSteve Well-Known Member

    Looks like they were just trying to find a PHP My Admin installation... I get them all the time.
     
  4. Forsaken

    Forsaken Well-Known Member

    Gotta love those script kiddies.
     
  5. ManagerJosh

    ManagerJosh Well-Known Member

    I get those attacks all the time :(

    This came off a note from my server on Tuesday. Gees :(

    3 failed login attempts from IP: 91.224.160.12

    Last user attempted: admin



     
  6. Lawrence

    Lawrence Well-Known Member

    and I thought I was special, :rolleyes:
     
    Kaiser likes this.
  7. MGSteve

    MGSteve Well-Known Member

    Sorry, sadly not. I even get them on my Dev server which isn't supposed to be resolved to by any domain name, often they simply probe IPs for a HTTP server and try and attack when they do.

    Mind you, have to laugh when they try Frontpage exploits on a Linux box.
     
  8. ManagerJosh

    ManagerJosh Well-Known Member

    Sounds like some script kiddie playing with Metasploit
     
  9. MGSteve

    MGSteve Well-Known Member

    Yeah, I doubt anyone actually attacks manually these days, use the scripts to find the weak ones and then focus manual efforts on them.

    Mind you if you install something like phpmyadmin onto a non password protected site (at the least) then you're asking for trouble really!
     
  10. estranged

    estranged Well-Known Member

    These bots work just like googlebot but they scan the whole web loooking for certain scripts/backdoors. My logs are full of them.
     
  11. Jethro

    Jethro Well-Known Member

    Oh you are speciaL Lawrence :ROFLMAO:
     
  12. Lawrence

    Lawrence Well-Known Member

    My first logged attempt in 8 years... my SEO practices must be improving, :p

    ahhh, thanks, you are too, :cool:
     

Share This Page