Everyone,

On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114 accessed my web-server trying to access a file called main.php in the following places:

194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php HTTP/1.0" 404 297 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php HTTP/1.0" 404 296 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php HTTP/1.0" 404 301 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 308 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/pma/main.php HTTP/1.0" 404 303 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /admin/mysql/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET /phpmyadmin2/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /mysqladmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /main.php HTTP/1.0" 404 293 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 310 "-" "pmafind"

Of course, this attack fell on deaf ears on my server... but I'd like everyone to know, since this is a security risk if they do have a PHP document configuring some of these administrative tasks open on the internet.

Thanks,
James Kosin

--
James Kosin
International Communications Group, Inc.
230 Pickett's Line
Newport News, VA 23603-1366
- United States of America -
Phone: 1(757)947-1030 ext. 122
Fax  : 1(757)947-1035
--
GPG Fingerprint: 28E9 6487 34B2 18DD 6468 F091 8CD9 2038 DEB0 0590
GPG Key ID: 0xDEB00590
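A detection sketch for the scan pattern reported above, added here as an example and not part of the original message. It flags any client that receives 404 for the same filename under many different directories within a short window, so it generalizes beyond the "pmafind" User-Agent, which a scanner can change at will. The function names, thresholds and the 192.0.2.10 log lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Leading fields of the Apache "combined" format used by the log in the post.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_probes(lines, min_dirs=5, window=timedelta(seconds=60)):
    """Return {(ip, filename): directories} for 404 bursts across >= min_dirs dirs."""
    hits = defaultdict(list)  # (ip, filename) -> [(timestamp, directory)]
    for rec in filter(None, map(parse, lines)):
        ip, ts, path, status = rec
        if status != 404:
            continue
        # Ignore any query string, then split directory from filename.
        directory, _, filename = path.split("?")[0].rpartition("/")
        hits[(ip, filename)].append((ts, directory or "/"))
    flagged = {}
    for key, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({d for _, d in events[start:end + 1]}) >= min_dirs:
                flagged[key] = sorted({d for _, d in events})
                break
    return flagged

# First five lines are from the post; the 192.0.2.10 lines are constructed.
SAMPLE = """\
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php HTTP/1.0" 404 297 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php HTTP/1.0" 404 296 "-" "pmafind"
192.0.2.10 - - [19/Oct/2005:13:02:10 -0400] "GET /index.html HTTP/1.1" 200 1520 "-" "Mozilla/5.0"
192.0.2.10 - - [19/Oct/2005:13:02:11 -0400] "GET /favicon.ico HTTP/1.1" 404 290 "-" "Mozilla/5.0"
""".splitlines()
if __name__ == "__main__":
    print(find_probes(SAMPLE))
```

Tune `min_dirs` and `window` to the site: a broken internal link produces repeated 404s for one path, not one filename under many directories, so it stays below the threshold.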