First Test for an Exploit Attempt on my Server

Lawrence · May 13, 2011

I feel honored:

Code:

[Thu May 12 16:22:25 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/MyAdmin
[Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/myadmin
[Thu May 12 16:22:23 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/pma
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpmyadmin
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/phpMyAdmin
[Thu May 12 16:22:21 2011] [error] [client 46.137.111.175] File does not exist: /home/wwwxxxx/public_html/w00tw00t.at.blackhats.romanian.anti-sec:)

Notice the time frame, and notice the use of caps when one attempt to find a file failed. Definitely a bot. IIRC, isn't the exploit they are looking for an old one?

Paul B · May 13, 2011

at the last entry

MGSteve · May 13, 2011

Looks like they were just trying to find a PHP My Admin installation... I get them all the time.

Forsaken · May 13, 2011

Gotta love those script kiddies.

ManagerJosh · May 13, 2011

I get those attacks all the time

This came off a note from my server on Tuesday. Gees

3 failed login attempts from IP: 91.224.160.12

Last user attempted: admin

Lawrence · May 13, 2011

MGSteve said:
Looks like they were just trying to find a PHP My Admin installation... I get them all the time.

and I thought I was special,

MGSteve · May 13, 2011

Sorry, sadly not. I even get them on my Dev server which isn't supposed to be resolved to by any domain name, often they simply probe IPs for a HTTP server and try and attack when they do.

Mind you, have to laugh when they try Frontpage exploits on a Linux box.

ManagerJosh · May 13, 2011

MGSteve said:
Sorry, sadly not. I even get them on my Dev server which isn't supposed to be resolved to by any domain name, often they simply probe IPs for a HTTP server and try and attack when they do.

Mind you, have to laugh when they try Frontpage exploits on a Linux box.

Sounds like some script kiddie playing with Metasploit

MGSteve · May 13, 2011

Yeah, I doubt anyone actually attacks manually these days, use the scripts to find the weak ones and then focus manual efforts on them.

Mind you if you install something like phpmyadmin onto a non password protected site (at the least) then you're asking for trouble really!

estranged · May 13, 2011

These bots work just like googlebot but they scan the whole web loooking for certain scripts/backdoors. My logs are full of them.

Jethro · May 13, 2011

Lawrence said:
and I thought I was special,

Oh you are speciaL Lawrence

Lawrence · May 13, 2011

My first logged attempt in 8 years... my SEO practices must be improving,

Jethro said:
Oh you are speciaL Lawrence

ahhh, thanks, you are too,

First Test for an Exploit Attempt on my Server

Lawrence

Well-known member

Paul B

XenForo moderator

MGSteve

Well-known member

Forsaken

Well-known member

ManagerJosh

Well-known member

Lawrence

Well-known member

MGSteve

Well-known member

ManagerJosh

Well-known member

MGSteve

Well-known member

estranged

Well-known member

Jethro

Well-known member

Lawrence

Well-known member

Similar threads

We value your privacy