5 replies to this topic

[perishingflames]

Hi,

I noticed a bunch of requests for php my admin directories on my site in the Awstats 404 log that are being shown as referred from random directories of my site (like perishingflames.com/Fhjdh) that don't exist.

For example, /apps/phpAlbum/main.php has 18 hits

//phpMyAdmin/index.php has 4 (I didn't log in to cpanel during the time period)

//phpMyAdmin-2.6.3/scripts/setup.php has 2

//phpMyAdmin-2.8.1-rc1/scripts/setup.php has 1

and there are at least a hundred variations of those.

Is this anything to worry about or am I just being paranoid?

Also, while I have a thread open, is this anything to worry about?

Edited by perishingflames, 07 January 2012 - 09:39 PM.

[Ad Bot]

[Eli L]

Are these requests coming from the same IP?

[perishingflames]

Can you instruct me on how to find the IPs that accessed those pages? I downloaded the raw access log but that only does January and all the phpMyAdmin hits were from December.

[Alex C.]

Hello perishingflames,

Go to "Raw Access Files" in CPanel. Check to see if their are archived copies on the bottom of the page.

If so, Find the one in December and PM the file to either Me or Eli. Either one of us will take a look at the log.

[Eli L]

I would say dont worry about the hits. As long as the scripts on your site are up to date and you have a secure password you should be fine. Probably just some script kiddies looking for exploits.

[perishingflames]

I don't have any archived logs. I set it up to do that in the future, though. Thanks for the help, I won't worry about it for now.