Textpattern CMS support forum
is this an attack?
I have a number (6) of these (all at 10.23am but different IPs, all Canadian) in my logs. Is it an attack? Should I do something about it?
→ 184.107.132.218 27 May Canada
→/events//xmlsrv/xmlrpc.php 10:23
→/events/
→//xmlsrv/xmlrpc.php
→ 64.15.147.90 27 May Canada
→/events//xmlsrv/xmlrpc.php 10:23
→/events/
→//xmlsrv/xmlrpc.php
Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.
Re: is this an attack?
Meh, random misc, possibly script-kiddie, request. You should get them all the time. If you want to increase the list of random banned IPs and save bandwidth, block the IPs, or don’t do anything special from the usual.
I would just go take a cup of coffee, or a glass of water, whichever rocks your boat, and continue normal life by keeping software up-to-date and taking frequent backups.
is this an attack?
Fishing.
Last edited by Gocom (2011-05-27 13:37:45)
Re: is this an attack?
Gocom wrote:
Meh, random misc, possibly script-kiddie, request.
… Cool:) I’ll let them play then:) Thanks Jukka.
Yiannis
#4 2011-06-06 08:23:20
- candyman
- Member
- From: Italy
- Registered: 2006-08-08
- Posts: 684
Re: is this an attack?
Today I’ve discovered this in the admin/access page:
05 giu 2011 07:31:16 xxxxxx.hu /phpmyadmin1/scripts/setup.php
05 giu 2011 07:31:16 xxxxxx.hu /phpmyadmin2/scripts/setup.php
05 giu 2011 07:31:16 xxxxxx.hu /pma/scripts/setup.php
05 giu 2011 07:31:16 xxxxxx.hu /web/phpMyAdmin/scripts/setup.php
05 giu 2011 07:31:17 xxxxxx.hu /xampp/phpmyadmin/scripts/setup.php
05 giu 2011 07:31:15 xxxxxx.hu /phpmyadmin/scripts/setup.php
05 giu 2011 07:31:15 xxxxxx.hu /phpadmin/scripts/setup.php
05 giu 2011 07:31:15 xxxxxx.hu /phpMyAdmin/scripts/setup.php
05 giu 2011 07:31:14 xxxxxx.hu /typo3/phpmyadmin/scripts/setup.php
05 giu 2011 07:31:14 xxxxxx.hu /mysqladmin/scripts/setup.php
05 giu 2011 07:31:14 xxxxxx.hu /mysql/scripts/setup.php
05 giu 2011 07:31:13 xxxxxx.hu /myadmin/scripts/setup.php
is this an attack?
In that case: how can I block this IP for the future?
Many thanks!
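A sketch of how log entries like the ones in the post above can be checked automatically, added here as an example and not part of the original thread: it flags a host that requests the same script name under several different directories within a few seconds. The line layout is assumed from the excerpt; the host names, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the "date time host path" layout of the excerpt above;
# the host names are placeholders, not values from the thread.
SAMPLE_LOG = """\
05 giu 2011 07:31:13 scanner.example /myadmin/scripts/setup.php
05 giu 2011 07:31:14 scanner.example /mysql/scripts/setup.php
05 giu 2011 07:31:14 scanner.example /typo3/phpmyadmin/scripts/setup.php
05 giu 2011 07:31:15 scanner.example /phpMyAdmin/scripts/setup.php
05 giu 2011 07:31:16 scanner.example /pma/scripts/setup.php
05 giu 2011 07:29:02 reader.example /articles/
05 giu 2011 07:31:40 reader.example /articles/setup.php
05 giu 2011 09:12:10 reader.example /about/
"""

LINE = re.compile(r"^(\d{2} \S+ \d{4}) (\d{2}):(\d{2}):(\d{2}) (\S+) (\S+)$")


def parse(log_text):
    """Yield (day, seconds_of_day, host, path); skip lines that do not match."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            day, hh, mm, ss, host, path = m.groups()
            yield day, int(hh) * 3600 + int(mm) * 60 + int(ss), host, path


def find_path_guessing(log_text, min_dirs=4, window=10):
    """Return {host: (script, sorted dirs)} for hosts that ask for the same
    script name under at least min_dirs different directories within
    window seconds on one day (bursts spanning midnight are not joined)."""
    hits = defaultdict(list)  # (host, day, script) -> [(time, directory)]
    for day, t, host, path in parse(log_text):
        directory, _, script = path.rpartition("/")
        if script:  # a path ending in "/" is a directory request, skip it
            hits[(host, day, script)].append((t, directory))
    flagged = {}
    for (host, day, script), events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            dirs = {d for t, d in events[i:] if t - start <= window}
            if len(dirs) >= min_dirs:
                flagged[host] = (script, sorted(dirs))
                break
    return flagged
```

Calling `find_path_guessing(SAMPLE_LOG)` reports only the host that walked through the directory guesses; the ordinary visitor, who requested `setup.php` once, is not flagged.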
Re: is this an attack?
Hi Alessandro
It’s a hacking attempt. As you don’t know if the IP is static or dynamic, there is no reason to block it, but should you want to block it anyway, add
Order Allow,Deny
Deny from xx.xx.xx.xx
Deny from xxx.xxx.xxx.xxx
etc
Allow from all
in your .htaccess file.
Yiannis
Re: is this an attack?
Don’t block it. Just make sure your PHPMyAdmin software is up-to-date.
Re: is this an attack?
My domain page ‘not found’ checker shows someone out there looking for DLLs, Word docs, music files. I just ignore them. Although, on one site I put I have music files. So that type of search dropped off.
Re: is this an attack?
ruud wrote:
Don’t block it. Just make sure your PHPMyAdmin software is up-to-date.
Also: don’t have it located in some obviously-named directory (/phpmyadmin, /pma, etc), flip the folder & file permissions to 000 when it’s not being used and rename your config file so it won’t work. Simple things, but they’re all useful measures against opportunist scumbags.
#9 2011-06-13 14:16:15
- masa
- Member
- From: Asturias, Spain
- Registered: 2005-11-25
- Posts: 1,091
Re: is this an attack?
All of the hosts I use have PHPMyAdmin installed in a more secure location where you need to log in; just ask them.
You shouldn’t need to install it in your own publicly accessible web root at all.