tags:

views:

131

answers:

5
+1  Q: 

How do I react when somebody tries to guess admin directiories on my website?

Hello!

I've been getting these messages in apache error.log for quite a while:

[client 217.197.152.228] File does not exist: /var/www/phpmyadmin
[client 217.197.152.228] File does not exist: /var/www/pma
[client 217.197.152.228] File does not exist: /var/www/admin
[client 217.197.152.228] File does not exist: /var/www/dbadmin
[client 217.197.152.228] File does not exist: /var/www/myadmin
[client 217.197.152.228] File does not exist: /var/www/PHPMYADMIN
[client 217.197.152.228] File does not exist: /var/www/phpMyAdmin

And many more different addresses. Looks like somebody is trying to guess where my admin applications are located. What should I fear in this situation, and what a knowledge of my admin addresses can give to attacker, if everything is password protected?

+2  A: 

If they find a login page they could try to do a brute force attack or other password cracking approach.

In these cases if there is an IP that is consistently displaying such behaviour we block it with denyhosts and ModSecurity.

DanSingerman  2010-03-19 12:46:57
Thanks. I'll try to have my passwords as long as possible
Silver Light  2010-03-19 13:14:17
+2  A: 

If everything is locked down well, fear nothing. These are just automated attacks that happen to every URL in existence. Same thing happens to me, and I don't even run PHP on my server.

If you don't have the latest patches (like on say, WordPress), then yes this is a big problem, but one that's relatively easy to fix.

swilliams  2010-03-19 12:47:53
Thank you, this answers my question. I'll ignore these warnings and focus on application security.
Silver Light  2010-03-19 13:15:05
A: 

It seems he's looking for PHPMySQLAdmin installations, probably to automatically try and use known exploits on old versions.

If you're not using PHPMyAdmin you should be fine. If you do, make sure it's updated to the latest version, and maybe move it to a non-guessable URL.

Pies  2010-03-19 12:48:14
A: 

If you have protected everything it's no real big deal. http://217.197.152.228/phpmyadmin/ <- that's where your phpmyadmin is running. Seems it's pass protected etc so don't worry too much!

There are some exploits that will reveal info in fact, your phpmyadmin is vulnarable to some attacks:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0204

Maybe you should check for exploit docs on your phpmyadmin version.

Younes  2010-03-19 12:48:24
217.197.152.228 is not the host of my server, but a host of "atacker". Looks like he's protected :)
Silver Light  2010-03-19 12:56:05
+3  A: 

if you have admin or restricted folders you could configure it in htaccess to restrict access only to your ip or ip range like this

<Directory /var/www/AdminFolder/>
    Options FollowSymLinks
    Order Deny,Allow
    Deny from all
    Allow from 128.98.2.4 # your ip only
</Directory>

It will only be a good solution if you have static ip, but then you will be completely sure that you ll be the only one to get inside adminfolder

markcial  2010-03-19 12:50:26
Thank you for your answer. I guess it's the best way to protect myself, but I have several people connecting to my admin area's from different places.
Silver Light  2010-03-19 13:13:05
You can deny too, try adding the aggresor ip to the deny field
markcial  2010-03-19 13:14:55
IP's are different every day. Like swilliams said, those are probably robots.
Silver Light  2010-03-19 13:16:24

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP