flat assembler
Message board for the users of flat assembler.

Index > Heap > Bot or stupid hack attempt?

Author
Thread Post new topic Reply to topic
JohnFound



Joined: 16 Jun 2003
Posts: 3500
Location: Bulgaria
JohnFound
I just discovered these (and many more similar) records in the log file of my web server. Do, someone knows what is this? Stupid hacker or stupid bot? Very Happy
Code:
"GET /muieblackcat HTTP/1.1" 404 345 "-" "-"
"GET //index.php HTTP/1.1" 404 345 "-" "-"
"GET //admin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //admin/pma/index.php HTTP/1.1" 404 345 "-" "-"
"GET //admin/phpmyadmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //db/index.php HTTP/1.1" 404 345 "-" "-"
"GET //dbadmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //myadmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //mysql/index.php HTTP/1.1" 404 345 "-" "-"
"GET //mysqladmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //typo3/phpmyadmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //phpadmin/index.php HTTP/1.1" 404 345 "-" "-"
"GET //phpMyAdmin/index.php HTTP/1.1" 404 345 "-" "-"    

_________________
Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9
Post 08 Jul 2012, 05:05
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
lol. Probably some stupid skid who just found out about open web directories.

Or it might be a scanner. Check the time interval, if the difference is about 1 second or so it might be a scanner.

But yeah, there are sites out there that have open directories and open DBs.

Check the referrer headers also, it'll tell you the origins.

Most notable one is Google. Then you'll know it's a skid searching for d0rks.

as you can see here:

Code:
http://www.ppt-us.com/phpMyAdmin/index.php
    


Last edited by typedef on 08 Jul 2012, 06:14; edited 4 times in total
Post 08 Jul 2012, 05:24
View user's profile Send private message Reply with quote
JohnFound



Joined: 16 Jun 2003
Posts: 3500
Location: Bulgaria
JohnFound
It is automatic tool. The time difference is under a second. The referrer record is empty.
Geobytes claims the IP address is from US, California, No proxy (Certainty 87).
Anyway, it is funny, because I don't have even PHP installed. Smile
Post 08 Jul 2012, 05:40
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
That's a fail. My conclusion is that you were a chosen target of some sort of scanner. (unless of course you have some related keywords)

.... but who gives a damn they failed.
Post 08 Jul 2012, 05:42
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.