• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

First Test for an Exploit Attempt on my Server

Lawrence

Well-known member
#1
I feel honored:

Code:
[Thu May 12 16:22:25 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/MyAdmin
[Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/myadmin
[Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/pma
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpmyadmin
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpMyAdmin
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/w00tw00t.at.blackhats.romanian.anti-sec:)
Notice the time frame, and notice the use of caps when one attempt to find a file failed. Definitely a bot. IIRC, isn't the exploit they are looking for an old one?
 

ManagerJosh

Well-known member
#5
I get those attacks all the time :(

This came off a note from my server on Tuesday. Gees :(

3 failed login attempts from IP: 91.224.160.12

Last user attempted: admin



 

MGSteve

Well-known member
#7
Sorry, sadly not. I even get them on my Dev server which isn't supposed to be resolved to by any domain name, often they simply probe IPs for a HTTP server and try and attack when they do.

Mind you, have to laugh when they try Frontpage exploits on a Linux box.
 

ManagerJosh

Well-known member
#8
Sorry, sadly not. I even get them on my Dev server which isn't supposed to be resolved to by any domain name, often they simply probe IPs for a HTTP server and try and attack when they do.

Mind you, have to laugh when they try Frontpage exploits on a Linux box.
Sounds like some script kiddie playing with Metasploit
 

MGSteve

Well-known member
#9
Yeah, I doubt anyone actually attacks manually these days, use the scripts to find the weak ones and then focus manual efforts on them.

Mind you if you install something like phpmyadmin onto a non password protected site (at the least) then you're asking for trouble really!