[Wien] [ff] Re: (security tipp) phpMyAdmin

Jan Sawicki (spam-protected)
Mon Sep 13 19:32:13 CEST 2010


On Sep 13, 2010, at 7:18 PM, Felix Ehritz wrote:

> I'm observing something similar.
> Mind you, I don't have phpMyAdmin on my server:
> (and I set the server up fresh yesterday (Sunday))
> 

Nothing new, I've had this on my servers since 2003-2004 ;)



> access.log (excerpt)
> 
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET /scripts/setup.php
> HTTP/1.1" 404 469 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET /admin/scripts/setup.php
> HTTP/1.1" 401 632 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET
> /admin/pma/scripts/setup.php HTTP/1.1" 401 632 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET
> /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 401 632 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET /db/scripts/setup.php
> HTTP/1.1" 404 471 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET
> /dbadmin/scripts/setup.php HTTP/1.1" 404 474 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:42 +0200] "GET
> /myadmin/scripts/setup.php HTTP/1.1" 404 474 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:43 +0200] "GET /mysql/scripts/setup.php
> HTTP/1.1" 404 473 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:43 +0200] "GET
> /mysqladmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:43 +0200] "GET
> /typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:43 +0200] "GET
> /phpadmin/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:43 +0200] "GET
> /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /phpmyadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /phpmyadmin1/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET /pma/scripts/setup.php
> HTTP/1.1" 404 472 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET /web/scripts/setup.php
> HTTP/1.1" 404 472 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:44 +0200] "GET
> /php-my-admin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET /websql/scripts/setup.php
> HTTP/1.1" 404 473 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpmyadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /php-my-admin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:45 +0200] "GET
> /phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 488 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:46 +0200] "GET
> /phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 127.0.0.1 - - [13/Sep/2010:14:18:47 +0200] "OPTIONS * HTTP/1.0" 200 152 "-"
> "Apache/2.2.14 (Ubuntu) (internal dummy connection)"
> 78.41.112.82 - - [13/Sep/2010:14:18:47 +0200] "GET
> /phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:48 +0200] "GET
> /phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 127.0.0.1 - - [13/Sep/2010:14:18:48 +0200] "OPTIONS * HTTP/1.0" 200 152 "-"
> "Apache/2.2.14 (Ubuntu) (internal dummy connection)"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 487 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 482 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:49 +0200] "GET
> /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 481 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /sqlmanager/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /mysqlmanager/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET /p/m/a/scripts/setup.php
> HTTP/1.1" 404 472 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /PMA2005/scripts/setup.php HTTP/1.1" 404 474 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /pma2005/scripts/setup.php HTTP/1.1" 404 474 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /phpmanager/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /php-myadmin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /phpmy-admin/scripts/setup.php HTTP/1.1" 404 477 "-" "ZmEu"
> 127.0.0.1 - - [13/Sep/2010:14:18:50 +0200] "OPTIONS * HTTP/1.0" 200 152 "-"
> "Apache/2.2.14 (Ubuntu) (internal dummy connection)"
> 78.41.112.82 - - [13/Sep/2010:14:18:50 +0200] "GET
> /webadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:51 +0200] "GET /sqlweb/scripts/setup.php
> HTTP/1.1" 404 473 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:51 +0200] "GET /websql/scripts/setup.php
> HTTP/1.1" 404 473 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:51 +0200] "GET /webdb/scripts/setup.php
> HTTP/1.1" 404 472 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:51 +0200] "GET
> /mysqladmin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
> 78.41.112.82 - - [13/Sep/2010:14:18:51 +0200] "GET
> /mysql-admin/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
> 
> -----Original Message-----
> From: (spam-protected)
> [mailto:(spam-protected)] On behalf of Adrian D
> Sent: Sunday, 12 September 2010 21:40
> To: (spam-protected)
> Subject: Re: [Wien] [ff] Re: (security tipp) phpMyAdmin
> 
> On my servers I'm seeing quite a lot of this at the moment:
> http://linux.m2osw.com/zmeu-attack
> 
> It systematically tries to find phpMyAdmin.
> 
> Regards,
> adrian
> 
> --
> Wien mailing list
> (spam-protected)
> http://lists.funkfeuer.at/mailman/listinfo/wien
> 
> 

--
Jan Sawicki
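
The pattern in the quoted excerpt (one client requesting many different */scripts/setup.php paths within a few seconds) can be detected by behaviour rather than by the easily changed "ZmEu" User-Agent. The Python below is an added example, not part of the original thread; the sample log lines are constructed (documentation address ranges, one entry per line as in a real access.log), and `find_scanners` with its thresholds is a hypothetical helper.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<agent>[^"]*)"'
)

# Constructed sample modelled on the excerpt in the thread (not real traffic).
SAMPLE = """\
192.0.2.10 - - [13/Sep/2010:14:18:42 +0200] "GET /scripts/setup.php HTTP/1.1" 404 469 "-" "ZmEu"
192.0.2.10 - - [13/Sep/2010:14:18:42 +0200] "GET /admin/scripts/setup.php HTTP/1.1" 401 632 "-" "ZmEu"
127.0.0.1 - - [13/Sep/2010:14:18:42 +0200] "OPTIONS * HTTP/1.0" 200 152 "-" "Apache (internal dummy connection)"
192.0.2.10 - - [13/Sep/2010:14:18:43 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
192.0.2.10 - - [13/Sep/2010:14:18:43 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
192.0.2.10 - - [13/Sep/2010:14:18:44 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 472 "-" "ZmEu"
198.51.100.7 - - [13/Sep/2010:14:19:02 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Sep/2010:14:19:05 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 476 "-" "Mozilla/5.0"
"""

def find_scanners(lines, min_paths=4, window=timedelta(seconds=60)):
    """Flag clients that request >= min_paths distinct */scripts/setup.php
    URLs inside one time window. For each, list probes that did NOT return
    404: a 401 or 200 means something actually exists at that path."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if m and m["path"].lower().endswith("/scripts/setup.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            probes[m["ip"]].append((ts, m["path"], int(m["status"]), m["agent"]))
    report = {}
    for ip, reqs in probes.items():
        reqs.sort()
        start = 0
        for end in range(len(reqs)):
            while reqs[end][0] - reqs[start][0] > window:  # slide window forward
                start += 1
            if len({r[1] for r in reqs[start:end + 1]}) >= min_paths:
                report[ip] = {
                    "paths": len({r[1] for r in reqs}),
                    "agents": sorted({r[3] for r in reqs}),
                    "not_404": sorted({(r[1], r[2]) for r in reqs if r[2] != 404}),
                }
                break
    return report
```

The `not_404` list is the part to act on: in the quoted excerpt the /admin/... probes returned 401, which tells the scanner that a protected directory exists there.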







