hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Is this a hack attempt? - weird entries in error log..
Reply

Forum Jump

Is this a hack attempt? - weird entries in error log..

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 06-29-2006, 05:37 PM
jb5ep jb5ep is offline
Newbie
 
Join Date: May 2006
Posts: 16

Is this a hack attempt? - weird entries in error log..


Hi,

I'm running Plesk 7.5 on a VPS. Whilst checking my main domain's error log, i spotted entries from IPs that repeat this cycle:


[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpmyadmin
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/PMA
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/db
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/dbadmin
[Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/web
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql-admin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpmyadmin2
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysqladmin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql-admin
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/main.php
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.6
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.4
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.1
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.2.3
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.2.6
[Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/myadmin

What is this? Is this a hack attempt? Is it automated or something?

WTF?!?! - any help appreciated!

Cheers,
jb5ep



Sponsored Links
  #2  
Old 06-29-2006, 05:42 PM
Patrick Patrick is offline
Security Ninja
 
Join Date: Mar 2003
Location: Canada
Posts: 8,607
That is a most likely an automated scan looking for vulnerable software. If you're concerned, you can setup mod_security to filter some of it.

__________________
Patrick William | Rack911 Research Labs | Software Security Auditing
250+ Vulnerabilities Found - Get a quote on a professional audit @ Rack911.com

www.HostingSecList.com - Security notices for the hosting community.

  #3  
Old 06-29-2006, 05:54 PM
Crucial Web Host Crucial Web Host is offline
Web Hosting Master
 
Join Date: Apr 2006
Location: Phoenix, AZ, USA
Posts: 702
jb, nothing to get excited about.

Those types of scans are common and, as Pat mentioned, are likely automated sweeps of address space as opposed to a directed exploit attempt against your server.

Not sure if mod_security is the answer here as these are rather common names and applications that you would be blocking if you configured mod_security to look at them.

Keep an eye on security and just get to know your machine. You'll learn what is common for you, and what is not.

Kindly,

__________________
CrucialWebHost.com - Performance Hosting Solutions:
SamsClub.com - Crumbs.com - JoanneHudson.com - Walmart.com - GameStop.com (NEW!)

Check out our Site Showcase for more big brand examples!

Sponsored Links
  #4  
Old 06-29-2006, 06:54 PM
jb5ep jb5ep is offline
Newbie
 
Join Date: May 2006
Posts: 16
Crucial Web Host/Pat H,

That's exactly the sort of advice I was after. I'll check the mod_security thing and read up a bit more on the key things not to **** up on....(!)

Thanks for your help.

Cheers,
jb5ep

Reply

Related posts from TheWhir.com
Title Type Date Posted
Linode Mitigates DDoS Attack on Linode Manager Web Hosting News 2013-08-06 14:46:48
Name.com Resets Customer Passwords After Security Breach Web Hosting News 2013-05-13 14:43:19
Unpatched Adobe ColdFusion Vulnerability Made Linode Hack Possible Web Hosting News 2013-04-16 16:16:35
GoGrid Partners with Boston Big Data Research Group hack/reduce With Free Cloud Hosting Web Hosting News 2012-11-08 17:42:48
Report Finds Dutch Government was Ill-Prepared to Handle 2011 SSL Hack Web Hosting News 2012-07-23 11:38:13


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?