  #1  
Old 11-09-2005, 02:35 AM
A32
Server probing and hacking..

1) Do you guys run any kind of security analysis on your servers?

I have been getting numerous probes and I don't think they are getting in, but I have noticed that a lot of the probes are looking for phpMyAdmin..

Code:
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /phpmyadmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /PMA/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /mysql/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /admin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /db/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /dbadmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /web/phpMyAdmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /admin/pma/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /admin/phpmyadmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /admin/mysql/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /mysql-admin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /phpmyadmin2/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /mysqladmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /mysql-admin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:24 -0600] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:25 -0600] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:25 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:25 -0600] "GET /myadmin/main.php HTTP/1.0" 302 286 "-" "pmafind"

See all those 302's? W3C defines 302's as:

Quote:
10.3.3 302 Found

The requested resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client SHOULD continue to use the Request-URI for future requests.

Now, why is it responding with a 302 if these files do not exist? Shouldn't it be responding with a 404?
  #2  
Old 11-09-2005, 07:48 AM
Serra
Re: Server probing and hacking..

Just someone looking for access to your MySQL, nothing to worry about really. If your server is secure (which we assume they are), then they will never find the security hole they are looking for.

Plus looking at the times of access, you can see that it is a script running, so they don't even have any specific knowledge about your system, they are just trying everything.


If it bothers you, put that IP on your deny list and be done with it.
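
Added example, not part of any post in this thread: a small detector for the pattern discussed above (one client sweeping many distinct admin-style paths within a second or two, as in the posted log). The thresholds `min_paths` and `max_seconds` and the two `192.0.2.10` lines are assumptions constructed for illustration; the six `67.154.187.226` lines are copied from the first post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format, matching the excerpt posted in the thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

# First six lines are from the thread; the last two are constructed benign
# traffic (192.0.2.10 is a documentation address, not a real client).
SAMPLE = """
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /phpmyadmin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /PMA/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /mysql/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /admin/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /db/main.php HTTP/1.0" 302 286 "-" "pmafind"
67.154.187.226 - - [08/Nov/2005:22:50:23 -0600] "GET /index.php HTTP/1.0" 200 4991 "-" "pmafind"
192.0.2.10 - - [08/Nov/2005:22:48:02 -0600] "GET /index.php HTTP/1.1" 200 4991 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Nov/2005:22:49:40 -0600] "GET /about.html HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
"""

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # blank or malformed line: skip rather than crash
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_scanners(lines, min_paths=5, max_seconds=10):
    """Flag clients that request many distinct paths inside one short burst."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best = 0
        for i, first in enumerate(recs):  # window starting at each request
            window = {r["path"] for r in recs[i:]
                      if (r["ts"] - first["ts"]).total_seconds() <= max_seconds}
            best = max(best, len(window))
        if best >= min_paths:
            flagged[ip] = {
                "distinct_paths": best,
                "statuses": sorted({r["status"] for r in recs}),
                "agents": sorted({r["agent"] for r in recs}),
            }
    return flagged
```

Run it as `find_scanners(SAMPLE.strip().splitlines())`, or pass the lines of a real access log; the per-client status and user-agent summary is what you would review before adding an address to a deny list.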
  #3  
Old 11-09-2005, 11:25 AM
Unregistered (HostGator Guest)
Re: Server probing and hacking..

Yeah I ban IPs all the time.. But my original question remains to be unanswered by *everybody* not just you.. I have posted on other forums & asked tech support on other providers but never got any answer...

So why the 302's and not 404? I get them both WITH ErrorDocument 404 blah blah AND without. Ever since I've started making websites, these things always respond with 302 instead of 404.

All times are GMT -5.