Posted: . At: 1:27 PM. This was 6 years ago. Post ID: 11880


Why you need to secure your website against online attack.


Securing your website against online attacks is very important. Many freely available tools, and distributions such as BackTrack and Kali, include mass-scanning tools that can be used against a website.

Below is what a mass-scanning attack on a website looks like in the access log. The scanners are searching for vulnerable scripts on an Apache website. As you can see, the probes are all returning 404. But what if I did have phpMyAdmin installed? Well, if it was improperly configured and had an old version and weak passwords, then it would be vulnerable.

80.82.64.70 - - [27/Feb/2018:07:48:40 +0000] "GET /muieblackcat HTTP/1.1" 404 467 "-" "-"
80.82.64.70 - - [27/Feb/2018:07:48:40 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
80.82.64.70 - - [27/Feb/2018:07:48:41 +0000] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"
80.82.64.70 - - [27/Feb/2018:07:48:41 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"
80.82.64.70 - - [27/Feb/2018:07:48:42 +0000] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
80.82.64.70 - - [27/Feb/2018:07:48:42 +0000] "GET //MyAdmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"
187.23.21.194 - - [27/Feb/2018:08:24:38 +0000] "GET /hndUnblock.cgi HTTP/1.1" 404 450 "-" "Wget(linux)"
187.23.21.194 - - [27/Feb/2018:08:24:41 +0000] "GET /tmUnblock.cgi HTTP/1.1" 404 449 "-" "Wget(linux)"
187.23.21.194 - - [27/Feb/2018:08:24:44 +0000] "GET /moo HTTP/1.1" 404 439 "-" "Wget(linux)"
187.23.21.194 - - [27/Feb/2018:08:24:47 +0000] "GET / HTTP/1.1" 200 918 "-" "Wget(linux)"
187.23.21.194 - - [27/Feb/2018:08:24:50 +0000] "POST /getcfg.php HTTP/1.1" 404 446 "-" "Wget(linux)"
187.23.21.194 - - [27/Feb/2018:08:24:56 +0000] "POST /getcfg.php HTTP/1.1" 404 446 "-" "Wget(linux)"
24.173.98.42 - - [27/Feb/2018:10:45:52 +0000] "HEAD http://52.63.195.144:80/mysql/admin/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:52 +0000] "HEAD http://52.63.195.144:80/mysql/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/mysql/sqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/mysql/mysqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/phpMyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:54 +0000] "HEAD http://52.63.195.144:80/phpmyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:54 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:54 +0000] "HEAD http://52.63.195.144:80/phpmyadmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:54 +0000] "HEAD http://52.63.195.144:80/phpmyadmin4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:55 +0000] "HEAD http://52.63.195.144:80/2phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:55 +0000] "HEAD http://52.63.195.144:80/phpmy/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:55 +0000] "HEAD http://52.63.195.144:80/phppma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:55 +0000] "HEAD http://52.63.195.144:80/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:55 +0000] "HEAD http://52.63.195.144:80/shopdb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:56 +0000] "HEAD http://52.63.195.144:80/MyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:56 +0000] "HEAD http://52.63.195.144:80/program/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:56 +0000] "HEAD http://52.63.195.144:80/PMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:56 +0000] "HEAD http://52.63.195.144:80/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:57 +0000] "HEAD http://52.63.195.144:80/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:57 +0000] "HEAD http://52.63.195.144:80/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:57 +0000] "HEAD http://52.63.195.144:80/admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:57 +0000] "HEAD http://52.63.195.144:80/mysql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:57 +0000] "HEAD http://52.63.195.144:80/database/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:58 +0000] "HEAD http://52.63.195.144:80/db/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:58 +0000] "HEAD http://52.63.195.144:80/db/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:58 +0000] "HEAD http://52.63.195.144:80/sqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:58 +0000] "HEAD http://52.63.195.144:80/mysqlmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:59 +0000] "HEAD http://52.63.195.144:80/php-myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:59 +0000] "HEAD http://52.63.195.144:80/phpmy-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:59 +0000] "HEAD http://52.63.195.144:80/mysqladmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:59 +0000] "HEAD http://52.63.195.144:80/mysql-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:45:59 +0000] "HEAD http://52.63.195.144:80/admin/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:00 +0000] "HEAD http://52.63.195.144:80/admin/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:00 +0000] "HEAD http://52.63.195.144:80/admin/sysadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:00 +0000] "HEAD http://52.63.195.144:80/admin/sqladmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:00 +0000] "HEAD http://52.63.195.144:80/admin/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:00 +0000] "HEAD http://52.63.195.144:80/admin/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:01 +0000] "HEAD http://52.63.195.144:80/admin/pMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:01 +0000] "HEAD http://52.63.195.144:80/mysql/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:01 +0000] "HEAD http://52.63.195.144:80/mysql/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:01 +0000] "HEAD http://52.63.195.144:80/mysql/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:02 +0000] "HEAD http://52.63.195.144:80/mysql/pMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:02 +0000] "HEAD http://52.63.195.144:80/sql/phpmanager/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:02 +0000] "HEAD http://52.63.195.144:80/sql/php-myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:02 +0000] "HEAD http://52.63.195.144:80/sql/phpmy-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:02 +0000] "HEAD http://52.63.195.144:80/sql/sql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:03 +0000] "HEAD http://52.63.195.144:80/sql/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:03 +0000] "HEAD http://52.63.195.144:80/sql/webadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:03 +0000] "HEAD http://52.63.195.144:80/sql/sqlweb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:03 +0000] "HEAD http://52.63.195.144:80/sql/websql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:04 +0000] "HEAD http://52.63.195.144:80/sql/webdb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:04 +0000] "HEAD http://52.63.195.144:80/sql/sqladmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:04 +0000] "HEAD http://52.63.195.144:80/sql/sql-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:04 +0000] "HEAD http://52.63.195.144:80/sql/phpmyadmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:04 +0000] "HEAD http://52.63.195.144:80/sql/phpMyAdmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:05 +0000] "HEAD http://52.63.195.144:80/sql/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:05 +0000] "HEAD http://52.63.195.144:80/db/myadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:05 +0000] "HEAD http://52.63.195.144:80/db/webadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:05 +0000] "HEAD http://52.63.195.144:80/db/dbweb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:06 +0000] "HEAD http://52.63.195.144:80/db/websql/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:06 +0000] "HEAD http://52.63.195.144:80/db/webdb/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:06 +0000] "HEAD http://52.63.195.144:80/db/dbadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:06 +0000] "HEAD http://52.63.195.144:80/db/db-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:06 +0000] "HEAD http://52.63.195.144:80/db/phpmyadmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:07 +0000] "HEAD http://52.63.195.144:80/db/phpMyAdmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:07 +0000] "HEAD http://52.63.195.144:80/db/phpMyAdmin-3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:07 +0000] "HEAD http://52.63.195.144:80/administrator/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:07 +0000] "HEAD http://52.63.195.144:80/administrator/phpMyAdmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:08 +0000] "HEAD http://52.63.195.144:80/administrator/db/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:08 +0000] "HEAD http://52.63.195.144:80/administrator/web/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:08 +0000] "HEAD http://52.63.195.144:80/administrator/pma/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:08 +0000] "HEAD http://52.63.195.144:80/administrator/PMA/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:08 +0000] "HEAD http://52.63.195.144:80/administrator/admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:09 +0000] "HEAD http://52.63.195.144:80/phpMyAdmin2/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:09 +0000] "HEAD http://52.63.195.144:80/phpMyAdmin3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:09 +0000] "HEAD http://52.63.195.144:80/phpMyAdmin4/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:09 +0000] "HEAD http://52.63.195.144:80/phpMyAdmin-3/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:09 +0000] "HEAD http://52.63.195.144:80/php-my-admin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:10 +0000] "HEAD http://52.63.195.144:80/PMA2011/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:10 +0000] "HEAD http://52.63.195.144:80/PMA2012/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:10 +0000] "HEAD http://52.63.195.144:80/PMA2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:10 +0000] "HEAD http://52.63.195.144:80/PMA2014/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:11 +0000] "HEAD http://52.63.195.144:80/PMA2015/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:11 +0000] "HEAD http://52.63.195.144:80/PMA2016/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:11 +0000] "HEAD http://52.63.195.144:80/PMA2017/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:11 +0000] "HEAD http://52.63.195.144:80/PMA2018/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:11 +0000] "HEAD http://52.63.195.144:80/pma2011/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:12 +0000] "HEAD http://52.63.195.144:80/pma2012/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:12 +0000] "HEAD http://52.63.195.144:80/pma2013/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:12 +0000] "HEAD http://52.63.195.144:80/pma2014/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:12 +0000] "HEAD http://52.63.195.144:80/pma2015/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:13 +0000] "HEAD http://52.63.195.144:80/pma2016/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:13 +0000] "HEAD http://52.63.195.144:80/pma2017/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:13 +0000] "HEAD http://52.63.195.144:80/pma2018/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:13 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2011/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:13 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2012/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:14 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2013/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:14 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2014/ HTTP/1.1" 404 193 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:14 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2015/ HTTP/1.1" 404 158 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:15 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2017/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:15 +0000] "HEAD http://52.63.195.144:80/phpmyadmin2018/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 muhstik-scan"
24.173.98.42 - - [27/Feb/2018:10:46:15 +0000] "HEAD http://52.63.195.144:80/phpmanager/ HTTP/1.1" 404 195 "-" "Mozilla/5.0 muhstik-scan"

This guy is using ZmEu to look for cPanel installations as well as phpMyAdmin installations. Just a script kiddie. He is in Shanghai, China, and is using China Mobile Communications Corporation as his ISP.

183.193.15.58 - - [26/Feb/2018:02:23:41 +0000] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 496 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:42 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:45 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:47 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:53 +0000] "GET /PHPMYADMIN/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:54 +0000] "GET /_pHpMyAdMiN/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:23:58 +0000] "GET /_phpmyadmin/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:00 +0000] "GET /mysql/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:00 +0000] "GET /phpMyAdmin/scripts/db_setup.init.php HTTP/1.1" 404 491 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:04 +0000] "GET /admindb/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:08 +0000] "GET /admin/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 489 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:09 +0000] "GET /admin/scripts/setup.php HTTP/1.1" 404 478 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:09 +0000] "GET /apache-default/phpmyadmin/scripts/setup.php HTTP/1.1" 404 498 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:10 +0000] "GET /cpanelphpmyadmin/scripts/setup.php HTTP/1.1" 404 489 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:11 +0000] "GET /cpphpmyadmin/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:12 +0000] "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 480 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:12 +0000] "GET /db/scripts/setup.php HTTP/1.1" 404 475 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:13 +0000] "GET /forum/phpmyadmin/scripts/setup.php HTTP/1.1" 404 489 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:16 +0000] "GET /phpmyadmin2/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:23 +0000] "GET /phpMyAdmin/scripts/setup0.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:23 +0000] "GET /phpmyadmin/scripts/setup1.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:28 +0000] "GET /php-my-admin/scripts/setup.php HTTP/1.1" 404 485 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:28 +0000] "GET /phpmyadmin_/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:30 +0000] "GET /phpmyadmin/scripts/_setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:30 +0000] "GET /phpmyadmin/scripts/Setup.php HTTP/1.1" 404 483 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:31 +0000] "GET /phpMyAdmin_/scripts/setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:33 +0000] "GET /phpMyAdmin/scripts/_setup.php HTTP/1.1" 404 484 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:33 +0000] "GET /phpMyAdmin/scripts/Setup.php HTTP/1.1" 404 483 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:37 +0000] "GET /PMA/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:38 +0000] "GET /scripts/setup.php HTTP/1.1" 404 472 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:39 +0000] "GET /sql/scripts/setup.php HTTP/1.1" 404 476 "-" "ZmEu"
183.193.15.58 - - [26/Feb/2018:02:24:40 +0000] "GET /xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 489 "-" "ZmEu"

This is why website owners must keep upgrading their software and their web server, either Apache or NGINX, to the latest versions.

There are entries in the access.log for “Mozilla/5.0 muhstik-scan”. This seems to be an IRC bot that can coordinate over the IRC connection. It is something to watch out for, as it can be misused to perform scans of websites.

Many folders on your website do not need to be accessible by the public at large. Just put an empty index.php in them, and then people cannot browse them to view the contents. This only hides the directory listing; a file whose name is known can still be requested directly.

Or put a .htaccess file in the directory and put this in it.

Options -Indexes

If the directory must be viewable as an index of files, then use this in the .htaccess to hide certain files.

IndexIgnore .htaccess .??* *~ *# HEADER* FOOTER* README* RCS CVS *,v *,t *.inc

These tips will help when setting up a website where security is required.
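To spot the kind of access.log entries shown above automatically, here is an added example (not part of the original post) that groups requests by client IP and reports scanner user agents, bursts of 404s on admin paths, and any probed path that the server actually answered. The threshold, the function names and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" log format, as in the excerpts on this page.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Signatures taken from the log excerpts above; extend them for your own site.
SCANNER_UAS = ("zmeu", "muhstik-scan")
PROBE_RE = re.compile(r"phpmyadmin|/pma|myadmin|scripts/setup\.php|w00tw00t|muieblackcat")
MIN_404 = 3  # assumed threshold: 404s from one IP before a burst is reported


def normalise(target):
    """Reduce a request target to a lowercase path with single slashes."""
    if target.lower().startswith(("http://", "https://")):
        path = urlsplit(target).path      # absolute form, as sent by muhstik-scan
    else:
        # Do not hand "//phpMyAdmin/..." to urlsplit: it would parse as a host.
        path = target.split("?", 1)[0]
    return re.sub(r"/{2,}", "/", path).lower()


def find_scanners(lines):
    """Return {ip: {"reasons": [...], "exposed": [...]}} for suspicious clients."""
    stats = defaultdict(lambda: {"n404": 0, "probes": 0, "exposed": [], "uas": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # skip lines in another format
        s = stats[m["ip"]]
        path = normalise(m["target"])
        s["uas"].add(m["ua"].lower())
        if m["status"] == "404":
            s["n404"] += 1
        if PROBE_RE.search(path):
            s["probes"] += 1
            if m["status"][0] in "23":    # the probed path exists on this server
                s["exposed"].append(path)
    report = {}
    for ip, s in stats.items():
        reasons = []
        if any(sig in ua for ua in s["uas"] for sig in SCANNER_UAS):
            reasons.append("scanner user-agent")
        if s["probes"] and s["n404"] >= MIN_404:
            reasons.append("404 burst on admin paths")
        if s["exposed"]:
            reasons.append("probe path answered")
        if reasons:
            report[ip] = {"reasons": reasons, "exposed": s["exposed"]}
    return report


SAMPLE = [  # first five lines are from the excerpts above, the last two are constructed
    '80.82.64.70 - - [27/Feb/2018:07:48:40 +0000] "GET /muieblackcat HTTP/1.1" 404 467 "-" "-"',
    '80.82.64.70 - - [27/Feb/2018:07:48:40 +0000] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "-"',
    '80.82.64.70 - - [27/Feb/2018:07:48:41 +0000] "GET //pma/scripts/setup.php HTTP/1.1" 404 476 "-" "-"',
    '24.173.98.42 - - [27/Feb/2018:10:45:53 +0000] "HEAD http://52.63.195.144:80/phpmyadmin/ HTTP/1.1" 404 194 "-" "Mozilla/5.0 muhstik-scan"',
    '183.193.15.58 - - [26/Feb/2018:02:23:41 +0000] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 496 "-" "ZmEu"',
    '203.0.113.7 - - [27/Feb/2018:11:00:00 +0000] "GET /index.php HTTP/1.1" 200 918 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Feb/2018:11:05:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE).items():
        print(ip, info)
```

A "probe path answered" entry is the one to act on first: it means a path the scanners look for is reachable on your server.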

