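List of unauthorized access attempts against phpMyAdmin (September)
September 14, 2005
I have compiled the unauthorized access attempts related to phpMyAdmin. The lesson to draw from them is that when you install phpMyAdmin, you must always put access restrictions on it and choose an installation directory that third parties cannot guess. URIs like the following in particular must be avoided.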
/phpmyadmin/main.php
/PMA/main.php
/mysql/main.php
/admin/main.php
/db/main.php
/dbadmin/main.php
/admin/pma/main.php
/web/phpMyAdmin/main.php
/admin/phpmyadmin/main.php
/admin/mysql/main.php
/phpmyadmin2/main.php
/mysql-admin/main.php
/mysqladmin/main.php
/main.php
/phpMyAdmin-X.X.X/main.php (X.X.X is the version number)
/myadmin/main.php
170.94.47.8 - - [04/Sep/2005:11:30:47 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 404 289 "-" "-"
195.56.182.136 - - [06/Sep/2005:15:53:10 +0200] "GET /phpmyadmin/deadhat.php HTTP/1.0" 301 57 "-" "-"
67.69.142.66 - - [06/Sep/2005:18:54:02 +0200] "GET /phpmyadmin/main.php HTTP/1.1" 301 57 "-" "PMAFind"
213.61.245.254 (h-213.61.245.254.host.de.colt.net) - - [06/Sep/2005:23:28:47 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 301 57 "-" "-"
141.20.116.9 - - [10/Sep/2005:21:16:29 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
165.21.82.242 - - [11/Sep/2005:00:19:46 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
209.178.222.236 - - [13/Sep/2005:18:07:10 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
139.124.196.5 (srv-web-dev.pharoweb.univ-mrs.fr) - - [14/Sep/2005:02:54:55 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
66.235.201.110 (ds201-110.ipowerweb.com) - - [14/Sep/2005:18:23:22 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
194.249.192.88 - - [16/Sep/2005:15:57:08 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 301 57 "-" "pmafind"
212.34.174.174 - - [17/Sep/2005:00:48:53 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
83.65.26.183 (83-65-26-183.static.xdsl-line.inode.at) - - [19/Sep/2005:01:05:14 +0200] "GET /phpmyadmin/main.php HTTP/1.1" 301 57 "-" "-"
195.228.231.61 - - [19/Sep/2005:01:09:13 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
194.150.85.114 - - [22/Sep/2005:13:12:52 +0200] "GET /phpmyadmin/main.php HTTP/1.0" 301 57 "-" "pmafind"
61.72.249.253 - - [24/Sep/2005:14:46:17 +0200] "GET /phpmyadmin/index.php HTTP/1.0" 301 57 "-" "-"
195.146.36.201 - - [25/Sep/2005:16:15:08 +0200] "GET /phpmyadmin/index.php HTTP/1.1" 301 57 "-" "-"
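To find the same kind of probing in your own logs, the following added example (not part of the original post) matches requests against the install paths listed above and the "PMAFind" User-Agent, grouped by source address. It assumes Apache combined log format; the function names, the sample lines and the version number 1.2.3 are constructed for illustration, and a 200 response is singled out because it means a guessable path actually served something.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Install directories from the page's list of probed paths (lowercased).
PROBE_DIRS = {
    "phpmyadmin", "pma", "mysql", "admin", "db", "dbadmin", "admin/pma",
    "web/phpmyadmin", "admin/phpmyadmin", "admin/mysql", "phpmyadmin2",
    "mysql-admin", "mysqladmin", "myadmin",
}
VERSIONED = re.compile(r"phpmyadmin-\d+(\.\d+)+[^/]*")  # /phpMyAdmin-X.X.X/
SCANNER_UA = re.compile(r"pmafind", re.I)               # User-Agent seen in the log
LOG_RE = re.compile(                                    # Apache combined log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def is_probe(target):
    """True if the request target is, or sits directly in, a listed directory."""
    path = re.sub(r"/+", "/", unquote(target.split("?", 1)[0])).lower().strip("/")
    if path == "main.php":                 # the page also lists /main.php at the root
        return True
    parent = path.rpartition("/")[0]
    return any(d in PROBE_DIRS or VERSIONED.fullmatch(d) for d in (path, parent) if d)

def summarize(lines):
    """Group probe hits by source IP; note scanner UAs and any 200 response."""
    report = defaultdict(lambda: {"hits": 0, "scanner_ua": False, "answered": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        scanner = bool(SCANNER_UA.search(m["ua"]))
        if not (scanner or is_probe(m["target"])):
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["scanner_ua"] |= scanner
        if m["status"] == "200":           # a guessable path actually served content
            entry["answered"].append(m["target"])
    return dict(report)

SAMPLE_LOG = [  # constructed lines, documentation-range addresses
    '192.0.2.10 - - [06/Sep/2005:18:54:02 +0200] "GET /phpmyadmin/main.php HTTP/1.1" 301 57 "-" "PMAFind"',
    '192.0.2.10 - - [06/Sep/2005:18:54:03 +0200] "GET //PMA//main.php?x=1 HTTP/1.1" 404 289 "-" "PMAFind"',
    '198.51.100.7 - - [10/Sep/2005:21:16:29 +0200] "GET /phpMyAdmin-1.2.3/index.php HTTP/1.0" 200 5120 "-" "-"',
    '203.0.113.5 - - [11/Sep/2005:00:19:46 +0200] "GET /blog/index.php HTTP/1.0" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```

Any address with a non-empty `answered` list reached a live page at a guessable path, which is the case the access restriction recommended above is meant to prevent.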