MyBB Community Forums

MyBB Community Forums > Community > General Discussion > Web Development and Administration > So, I was looking throgh my apache logs and came across this.... :(
Full Version: So, I was looking throgh my apache logs and came across this.... :(
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Tom K.

2011-11-13, 12:09 PM
I came across:

[Fri Nov 11 10:20:58 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/sqldumper
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/msd
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/dumper
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/tmp
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/dmp
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/bak
[Fri Nov 11 10:20:59 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/bck
[Fri Nov 11 10:21:00 2011] [error] [client 62.141.39.169] File does not exist: /var/www/html/backup
Looks like somebody is trying to find an SQL dump Confused

Nathan Malcolm

2011-11-13, 12:50 PM
That's nothing compared to my access_log Smile

About a month ago I found over 150,000 requests for cpanel, phpmyadmin, webmin, direct admin, 'admin.php', and many more. Obviously they didn't find anything. Wink

Also very weird requests such as 'sport.rss'. I have to admit, it's quite amusing to tail it for half an hour or so.

Generally if you're stupid enough to leave a backup in a web accessible directory then you deserve what ever the outcome is. Toungue

crazy4cs

2011-11-13, 12:59 PM
Never leave backups in such a directories, its also safe to htaccess pwd protect the backup directory if you're having one.

Booher

2011-11-13, 05:16 PM
(2011-11-13, 12:59 PM)crazy4cs Wrote: [ -> ]Never leave backups in such a directories, its also safe to htaccess pwd protect the backup directory if you're having one.

Not if someone finds an LFI vulnerability on something. It's safe to keep none of your backups on the same server as your website. lol

crazy4cs

2011-11-13, 06:28 PM
I personally don't but that was an advice for those who tends to.

Richard

2011-11-13, 09:33 PM
According to http://www.bizimbal.com/odb/details.html?id=1118694 your website isn't his/her first.

- G33K -

2011-11-14, 07:32 AM
I used to have tons of these, I resorted to using fail2ban and banning the IPs if they kept trying to access files that do not exist.

The only thing with a setup such as this is you have to be extra careful not to have a broken link or a missing file (like say a missing image of a button or an image called from css) or else you risk pretty much banning every ip that comes to your site or tries to access the missing item.
MyBB Community Forums > Community > General Discussion > Web Development and Administration > So, I was looking throgh my apache logs and came across this.... :(