Phosphorus and Lime
A Developer's Broadsheet
This blog has been deprecated. Please visit my new blog at klenwell.com/press.
Monday, December 24, 2007
Why You Lock Down Your Server
Scanning my (Yule) logs and found this:
And this:
I suspect 205.237.78.206 must be hacked.
Merry Christmas.
205.237.78.206 - - [21/Dec/2007:15:33:22 -0800] "GET /phpMyAdmin-2.5.6/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:22 -0800] "GET /phpMyAdmin-2.5.4/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.5.1/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.2.3/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.9.1/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.9.0/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:22 -0800] "GET /phpMyAdmin-2.5.4/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.5.1/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.2.3/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.9.1/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
205.237.78.206 - - [21/Dec/2007:15:33:23 -0800] "GET /phpMyAdmin-2.9.0/main.phpmain.php HTTP/1.0" 404 346 "-" "-"
And this:
122.126.109.119 - - [24/Dec/2007:13:40:18 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:14:23:26 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:14:57:22 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:15:18:50 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:16:07:36 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:16:52:45 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:17:53:10 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:18:34:42 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:18:56:36 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:14:23:26 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:14:57:22 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:15:18:50 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:16:07:36 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:16:52:45 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:17:53:10 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:18:34:42 -0800] "CONNECT mail3.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
122.126.109.119 - - [24/Dec/2007:18:56:36 -0800] "CONNECT mail2.xps.idv.tw:25 HTTP/1.0" 405 353 "-" "-"
I suspect 205.237.78.206 must be hacked.
Merry Christmas.
some rights reserved, © 2006