> Hi,
>
> I'm using Logwatch 5.2.2 and in email today it emailed
> me the following:
>
> --------------------- httpd Begin ------------------------
>
> A total of 4 sites probed the server
> 203.218.141.123
> 203.206.246.90
> 203.218.200.154
>
> !!!! 3 possible successful probes
> /css/phpmyadmin.css.php?js_frame=left&num_dbs=0 HTTP Response 200
>
> /css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=right HTTP Response 200
>
> /css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=left&num_dbs=0 HTTP Response 200
>
> ---------------------- httpd End -------------------------
>
> What does this mean exactly?

When logwatch processes your log files, the script responsible for looking at the Apache logs (which you can find at /etc/log.d/scripts/services/http) treats every request containing the word 'phpmyadmin' as suspicious. On my system I can see this at line 113 of the script.

Rich
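
The keyword matching described in the reply above, as an added Python sketch that is not logwatch's own code and not part of the original post. The one-word keyword list, the case-insensitive match, the `summarize` helper and the sample log lines are assumptions made for this example; it shows why a file the site really serves, such as `/css/phpmyadmin.css.php`, lands under "possible successful probes" when the server answers 200.

```python
import re

# Assumption: only 'phpmyadmin' is confirmed by the post; the real list is not shown.
KEYWORDS = ("phpmyadmin",)

# Common/combined log prefix: host ident user [time] "METHOD URL PROTO" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2005:10:01:02 +0000] "GET /css/phpmyadmin.css.php?js_frame=left&num_dbs=0 HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2005:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 1043
198.51.100.7 - - [12/Mar/2005:11:15:40 +0000] "GET /phpMyAdmin/main.php HTTP/1.0" 404 209
203.0.113.5 - - [12/Mar/2005:12:30:00 +0000] "GET /css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=right HTTP/1.1" 200 5098
"""


def summarize(log_text, keywords=KEYWORDS):
    """Return (hosts that requested a keyword URL, keyword URLs answered 200)."""
    hosts, served = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        host, _method, url, status = m.groups()
        # Plain substring test: any URL containing the keyword is flagged,
        # whether it is a scanner's guess or a file the site really serves.
        if any(k in url.lower() for k in keywords):
            hosts.add(host)
            if status == "200":
                served.add(url)
    return sorted(hosts), sorted(served)


if __name__ == "__main__":
    hosts, served = summarize(SAMPLE_LOG)
    print(f"A total of {len(hosts)} sites probed the server")
    for h in hosts:
        print("   ", h)
    print(f"!!!! {len(served)} possible successful probes")
    for u in served:
        print("   ", u, "HTTP Response 200")
```

A 200 on a flagged URL only means the server returned that file; comparing the listed hosts against addresses you recognise shows whether the hits came from your own phpMyAdmin sessions.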