  1. #1

    Is this a hack attempt? - weird entries in error log..

    Hi,

    I'm running Plesk 7.5 on a VPS. Whilst checking my main domain's error log, I spotted entries from IPs that repeat this cycle:


    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpmyadmin
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/PMA
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/db
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/dbadmin
    [Tue May 30 20:57:05 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/web
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/admin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql-admin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpmyadmin2
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysqladmin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/mysql-admin
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/main.php
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.6
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.4
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.5.1
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.2.3
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/phpMyAdmin-2.2.6
    [Tue May 30 20:57:06 2006] [error] [client 195.242.215.22] File does not exist: /var/www/vhosts/mydomain.co.uk/httpdocs/myadmin

    What is this? Is this a hack attempt? Is it automated or something?

    WTF?!?! - any help appreciated!

    Cheers,
    jb5ep

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,834
    That is most likely an automated scan looking for vulnerable software. If you're concerned, you can set up mod_security to filter some of it.
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Free Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    Join Date
    Apr 2006
    Location
    Phoenix, AZ, USA
    Posts
    733
    jb, nothing to get excited about.

    Those types of scans are common and, as Pat mentioned, are likely automated sweeps of address space as opposed to a directed exploit attempt against your server.

    Not sure if mod_security is the answer here as these are rather common names and applications that you would be blocking if you configured mod_security to look at them.

    Keep an eye on security and just get to know your machine. You'll learn what is common for you, and what is not.

    Kindly,
    CrucialWebHost.com - Performance Hosting Solutions:
    SamsClub.com - JoanneHudson.com - Walmart.com - RoseAndOno.com - Ellusionist.com - CampSaver.com (NEW!)

    Check out our Site Showcase for more big brand examples!
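
The pattern discussed in this thread, one client requesting many different missing admin paths within a second or two, can be separated from ordinary missing-file noise by counting distinct missing paths per client in a short time window. This is an added example, not part of the thread; the threshold, the window, and the sample log lines (documentation IP ranges, an `example.test` docroot) are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache error_log line in the format shown in the first post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"File does not exist: (?P<path>\S+)"
)

def find_sweeps(lines, min_distinct=5, window=timedelta(seconds=10)):
    """Return {client_ip: sorted distinct missing paths} for every client that
    requested at least min_distinct different missing paths within window."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other error types are outside this check
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        hits[m["ip"]].append((ts, m["path"]))

    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {path for _, path in events[start:end + 1]}
            if len(distinct) >= min_distinct:
                flagged[ip] = sorted(distinct)
                break
    return flagged

# Constructed sample input: one fast sweep and one ordinary visitor.
DOCROOT = "/var/www/vhosts/example.test/httpdocs/"
SAMPLE_LOG = [
    "[Tue May 30 20:57:05 2006] [error] [client 192.0.2.10] "
    "File does not exist: " + DOCROOT + name
    for name in ("phpmyadmin", "PMA", "mysql", "admin", "admin", "dbadmin")
] + [
    "[Tue May 30 21:03:11 2006] [error] [client 198.51.100.7] "
    "File does not exist: " + DOCROOT + "favicon.ico",
    "[Tue May 30 21:40:02 2006] [error] [client 198.51.100.7] "
    "File does not exist: " + DOCROOT + "robots.txt",
]

if __name__ == "__main__":
    for ip, paths in find_sweeps(SAMPLE_LOG).items():
        print(ip, len(paths), "distinct missing paths")
```

Repeated requests for the same path (the `admin` duplicates above) count once, so a client retrying a single broken link does not trip the threshold.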

  4. #4
    Crucial Web Host/Pat H,

    That's exactly the sort of advice I was after. I'll check the mod_security thing and read up a bit more on the key things not to **** up on....(!)

    Thanks for your help.

    Cheers,
    jb5ep
