[BlueOnyx:05942] Re: hacker scripts

Larry Smith lesmith at ecsis.net
Mon Nov 29 16:50:50 -05 2010


On Mon November 29 2010 15:39, Darrell D. Mobley wrote:
> > -----Original Message-----
> > From: blueonyx-bounces at blueonyx.it [mailto:blueonyx-bounces at blueonyx.it]
> > On Behalf Of Gerald Waugh
> > Sent: Monday, November 29, 2010 1:08 PM
> > To: BlueOnyx General Mailing List
> > Subject: [BlueOnyx:05938] Re: hacker scripts
> >
> > [29/Nov/2010:06:02:37 -0600] "GET /phpmyadmin/scripts/setup.php HTTP/1.1"
> > 200 14061 "http://208.67.252.235/phpmyadmin/scripts/setup.php" "Opera"
> >
> > looks like it's the phpmyadmin thing, I will have to find and move it...
>
> There is a setup file at:
>
> /usr/share/phpMyAdmin/scripts/setup.php
>
> Is it needed or should it be CHMODed into innocence?
>

Personally I try to never leave setup or install scripts on the server.
If I feel they might be needed later on, I change the name to something
that will not run (setup.php.org or some such)....

Lately I have been seeing somewhere around 1000 to 9000 or more
probes per day looking for various "setup.php" scripts so there is
obviously something there they think they can use to gain access...

-- 
Larry Smith
lesmith at ecsis.net
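
Added example (not part of the message above and not BlueOnyx code): one way to measure the "setup.php" probe volume from an Apache access log and to pick out the probes that were answered with a 2xx status, as in the quoted log line. It assumes the Apache combined log format; the sample lines and the script-name pattern are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: Apache "combined" format; the thread shows only part of one line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Installer-style script names; this list is an assumption, extend as needed.
PROBE_RE = re.compile(r'/(setup|install)\.php$', re.IGNORECASE)

def summarize_probes(lines):
    """Return (probes per day, probes per client, probes answered with 2xx)."""
    per_day, per_ip, served = Counter(), Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not PROBE_RE.search(path):
            continue
        per_day[m.group("day")] += 1
        per_ip[m.group("ip")] += 1
        # 2xx: the script exists and was served; 403/404: the probe missed.
        if m.group("status").startswith("2"):
            served.append((m.group("ip"), path, int(m.group("status"))))
    return per_day, per_ip, served

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Nov/2010:06:02:37 -0600] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 200 14061 "-" "Opera"',
    '192.0.2.10 - - [29/Nov/2010:06:02:38 -0600] "GET /pma/scripts/setup.php HTTP/1.1" 404 291 "-" "Opera"',
    '198.51.100.7 - - [29/Nov/2010:07:15:02 -0600] "GET /phpMyAdmin/scripts/setup.php?x=1 HTTP/1.1" 403 305 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [30/Nov/2010:01:00:00 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [30/Nov/2010:02:11:45 -0600] "GET /admin/install.php HTTP/1.1" 404 288 "-" "-"',
]

if __name__ == "__main__":
    per_day, per_ip, served = summarize_probes(SAMPLE_LOG)
    print("probes per day:", dict(per_day))
    print("top sources:", per_ip.most_common(3))
    for ip, path, status in served:
        print(f"REACHABLE: {path} returned {status} to {ip}")
```

Any path reported as reachable is a setup or install script still being served, which is the case the thread recommends removing or renaming.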


