On 6/19/2012 2:31 PM, m.roth@5-cent.us wrote:
But now I'm seeing the same from Azerbaijan, and France, and elsewhere. Two questions: first, are other folks seeing this? and second, I can't imagine malware this stupid, to keep hitting the same sites over and over when it's not found, rather than bad password or user, so I'm wondering if this could be a targeting vector for an upcoming serious attack using another vector.
Automated scripts will attack just about every port or program on your server, even if you do not use it. They know sometime in the future you may turn that service, port, or program on and might not have it set up correctly. Then bam... they are in.
When I put in a new server with a new IP address I have never used before, there is a massive amount of attacks that first week or two. Attacks on everything you could think of. It is like they know a server is suddenly open at that IP and go nuts trying to get in.
Here is my logwatch on just one server, just one day, a server that is not being used and has a blank html page with no other services on. Stay vigilant.
404 Not Found
   //3rdparty/phpMyAdmin/scripts/setup.php: 3 Time(s)
   //MyAdmin/scripts/setup.php: 3 Time(s)
   //MySQLAdmin/scripts/setup.php: 3 Time(s)
   //PHPMYADMIN/scripts/setup.php: 2 Time(s)
   //PMA/: 1 Time(s)
   //PMA/scripts/setup.php: 3 Time(s)
   //PMA2005/: 1 Time(s)
   //PMA2005/scripts/setup.php: 3 Time(s)
   //SQL/scripts/setup.php: 3 Time(s)
   //SSLMySQLAdmin/scripts/setup.php: 3 Time(s)
   //_admin/scripts/setup.php: 3 Time(s)
   //_phpMyAdmin/scripts/setup.php: 3 Time(s)
   //_phpmyadmin/scripts/setup.php: 3 Time(s)
   //admin/: 1 Time(s)
   //admin/mysql/scripts/setup.php: 3 Time(s)
   //admin/phpmyadmin/scripts/setup.php: 3 Time(s)
   //admin/pma/scripts/setup.php: 3 Time(s)
   //admin/scripts/setup.php: 3 Time(s)
   //admm/scripts/setup.php: 3 Time(s)
   //admn/scripts/setup.php: 3 Time(s)
   //backup/phpMyAdmin/scripts/setup.php: 3 Time(s)
   //backup/phpmyadmin/scripts/setup.php: 3 Time(s)
   //bbs/data/scripts/setup.php: 3 Time(s)
   //bkup/phpMyAdmin/scripts/setup.php: 3 Time(s)
   //bkup/phpmyadmin/scripts/setup.php: 3 Time(s)
   //cpadmin/scripts/setup.php: 3 Time(s)
   //cpadmindb/scripts/setup.php: 3 Time(s)
   //cpanelmysql/scripts/setup.php: 3 Time(s)
   //cpanelphpmyadmin/scripts/setup.php: 3 Time(s)
   //cpanelsql/scripts/setup.php: 3 Time(s)
   //cpdbadmin/scripts/setup.php: 3 Time(s)
   //cpphpmyadmin/scripts/setup.php: 3 Time(s)
   //databaseadmin/scripts/setup.php: 3 Time(s)
   //db/scripts/setup.php: 3 Time(s)
   //dbadmin/: 1 Time(s)
   //dbadmin/scripts/setup.php: 3 Time(s)
   //myadmin/: 1 Time(s)
   //myadmin/scripts/setup.php: 3 Time(s)
   //mysql-admin/: 1 Time(s)
   //mysql-admin/scripts/setup.php: 3 Time(s)
   //mysql/: 1 Time(s)
   //mysql/scripts/setup.php: 3 Time(s)
   //mysqladmin/: 1 Time(s)
   //mysqladmin/scripts/setup.php: 3 Time(s)
   //mysqladminconfig/scripts/setup.php: 3 Time(s)
   //mysqlmanager/: 1 Time(s)
   //mysqlmanager/scripts/setup.php: 3 Time(s)
   //p/m/a/: 1 Time(s)
   //p/m/a/scripts/setup.php: 3 Time(s)
   //pHpMy/scripts/setup.php: 3 Time(s)
   //pHpMyAdMiN/scripts/setup.php: 3 Time(s)
   //pMA/scripts/setup.php: 3 Time(s)
   //php-my-admin/: 1 Time(s)
   //php-my-admin/scripts/setup.php: 3 Time(s)
   //php-myadmin/: 1 Time(s)
   //php-myadmin/scripts/setup.php: 3 Time(s)
   //php/scripts/setup.php: 3 Time(s)
   //phpMyA/scripts/setup.php: 3 Time(s)
   //phpMyAdmi/scripts/setup.php: 3 Time(s)
   //phpMyAdmin-2/: 1 Time(s)
   //phpMyAdmin/: 1 Time(s)
   //phpMyAdmin/scripts/setup.php: 3 Time(s)
   //phpMyAdmin1/scripts/setup.php: 3 Time(s)
   //phpMyAdmin2/: 1 Time(s)
   //phpMyAds/scripts/setup.php: 3 Time(s)
   //phpadmin/scripts/setup.php: 3 Time(s)
   //phpm/scripts/setup.php: 3 Time(s)
   //phpmanager/: 1 Time(s)
   //phpmanager/scripts/setup.php: 3 Time(s)
   //phpmy-admin/: 1 Time(s)
   //phpmy-admin/scripts/setup.php: 3 Time(s)
   //phpmy/scripts/setup.php: 3 Time(s)
   //phpmya/scripts/setup.php: 3 Time(s)
   //phpmyad-sys/scripts/setup.php: 3 Time(s)
   //phpmyad/scripts/setup.php: 3 Time(s)
   //phpmyadmin/: 1 Time(s)
   //phpmyadmin/scripts/setup.php: 3 Time(s)
   //phpmyadmin1/scripts/setup.php: 3 Time(s)
   //phpmyadmin2/: 1 Time(s)
   //pma/scripts/setup.php: 3 Time(s)
   //pma2005/: 1 Time(s)
   //pma2005/scripts/setup.php: 3 Time(s)
   //roundcube/scripts/setup.php: 3 Time(s)
   //scripts/setup.php: 3 Time(s)
   //sl2/data/scripts/setup.php: 3 Time(s)
   //sql/: 1 Time(s)
   //sql/scripts/setup.php: 3 Time(s)
   //sqladmin/scripts/setup.php: 3 Time(s)
   //sqlmanager/: 1 Time(s)
   //sqlmanager/scripts/setup.php: 3 Time(s)
   //sqlweb/: 1 Time(s)
   //sqlweb/scripts/setup.php: 3 Time(s)
   //typo3/phpmyadmin/scripts/setup.php: 3 Time(s)
   //vhcs2/tools/pma/scripts/setup.php: 3 Time(s)
   //web/phpMyAdmin/scripts/setup.php: 3 Time(s)
   //web/phpmyadmin/scripts/setup.php: 3 Time(s)
   //web/scripts/setup.php: 3 Time(s)
   //webadmin/: 1 Time(s)
   //webadmin/scripts/setup.php: 3 Time(s)
   //webdb/: 1 Time(s)
   //webdb/scripts/setup.php: 3 Time(s)
   //websql/: 1 Time(s)
   //websql/scripts/setup.php: 3 Time(s)
   //wp-content/plugins/wp-phpmyadmin/wp-phpm ... ripts/setup.php: 3 Time(s)
   //wp-phpmyadmin/phpmyadmin/scripts/setup.php: 3 Time(s)
   //wp-phpmyadmin/scripts/setup.php: 3 Time(s)
   //xampp/phpmyadmin/scripts/setup.php: 3 Time(s)
   //~/PMA/scripts/setup.php: 3 Time(s)
   /3561StudioDrive/calendar.php: 1 Time(s)
   /admin/config.php: 1 Time(s)
   /admin/scripts/setup.php: 3 Time(s)
   /cal/calendar.php: 1 Time(s)
   /calendar.php: 1 Time(s)
   /calendar/calendar.php: 1 Time(s)
   /calwest/calendar.php: 1 Time(s)
   /ext/calendar.php: 1 Time(s)
   /extcal/calendar.php: 1 Time(s)
   /finger_lakes_dates/calendar.php: 1 Time(s)
   /index.php?-dsafe_mode%3dOff+-ddisable_fun ... .83%2Finfo3.txt: 3 Time(s)
   /itinerary/calendar.php: 1 Time(s)
   /muieblackcat: 3 Time(s)
   /news/read/url(data:image/png;base64,iVBOR ... SUVORK5CYII%3d): 2 Time(s)
   /pdfdocuments/142188_mantel-chairincident.wmv:3071b: 1 Time(s)
   /phpBB2/: 2 Time(s)
   /phpBB2/board/index.php: 1 Time(s)
   /phpBB2/forum/index.php: 1 Time(s)
   /phpBB2/forums/index.php: 1 Time(s)
   /phpBB2/phpbb/index.php: 1 Time(s)
   /phpBB2/phpbb2/index.php: 1 Time(s)
   /phpBB2/phpbb2/profile.php: 1 Time(s)
   /phpBB2/profile.php: 5 Time(s)
   /tests.php: 1 Time(s)
   /vancouvermuslims/calendar/calendar.php: 1 Time(s)
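
An added example, not part of the original post: one way to turn the probe pattern in the logwatch report above into a detection, by grouping 404s per client in an Apache combined-format access log and flagging clients that request many distinct probe-shaped paths. The log lines, client addresses (documentation ranges), function name and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/NCSA combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

# Path shapes seen in the logwatch report above: a leading double slash,
# a trailing /scripts/setup.php, and the /muieblackcat marker request.
PROBE_RE = re.compile(r'^//|/scripts/setup\.php$|^/muieblackcat$', re.I)


def find_scanners(lines, min_paths=5):
    """Return {client: sorted distinct probed paths} for clients whose 404
    responses cover at least min_paths distinct probe-shaped paths."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        client, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if status == "404" and PROBE_RE.search(path):
            hits[client].add(path)
    return {c: sorted(p) for c, p in hits.items() if len(p) >= min_paths}


def _line(client, path, status):
    # Constructed log line; timestamp and sizes are placeholders.
    return (f'{client} - - [19/Jun/2012:03:14:07 -0400] '
            f'"GET {path} HTTP/1.1" {status} 290 "-" "-"')


# Constructed sample: one scanner repeating each probe three times (as in
# the report's "3 Time(s)") and one ordinary client with a single stray 404.
SAMPLE = (
    [_line("203.0.113.7", p, 404) for p in (
        "//phpMyAdmin/scripts/setup.php", "//pma/scripts/setup.php",
        "//PMA/scripts/setup.php", "//mysql/scripts/setup.php",
        "//dbadmin/scripts/setup.php", "/muieblackcat")] * 3
    + [_line("198.51.100.20", "/favicon.ico", 404),
       _line("198.51.100.20", "/index.html", 200),
       _line("198.51.100.20", "/admin/scripts/setup.php", 404)]
)

if __name__ == "__main__":
    for client, paths in find_scanners(SAMPLE).items():
        print(client, len(paths), "distinct probe paths")
```

Counting distinct paths rather than raw 404s keeps a client with one broken link or a repeated favicon request under the threshold while still catching a dictionary-style sweep.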