8 months ago on December 24th

phpMyAdmin

For those running phpMyAdmin as an aid for navigating through MySQL, you must remember to secure both your MySQL and phpMyAdmin installations. This applies especially to a dedicated server. Looking through some access logs I encountered some strange visits.

Access Logs

75.126.53.106 - - [16/Dec/2009:16:11:07 -0600] "HEAD http://174.143.180.107:80/mysql/admin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:07 -0600] "HEAD http://174.143.180.107:80/mysql/sqlmanager/ HTTP/1.1" 301 280 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:07 -0600] "HEAD http://174.143.180.107:80/mysql/mysqlmanager/ HTTP/1.1" 301 282 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:07 -0600] "HEAD http://174.143.180.107:80/phpmyadmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyadmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpmyAdmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpmyadmin2/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/2phpmyadmin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpmy/ HTTP/1.1" 301 269 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phppma/ HTTP/1.1" 301 270 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/myadmin/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/MyAdmin/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/program/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/PMA/ HTTP/1.1" 301 267 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/dbadmin/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/pma/ HTTP/1.1" 301 267 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/ HTTP/1.1" 301 266 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/dbadmin/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/ HTTP/1.1" 301 269 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/qql/ HTTP/1.1" 301 267 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/ HTTP/1.1" 301 272 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpmyadmin/ HTTP/1.1" 301 277 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpMyAdmin/ HTTP/1.1" 301 277 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sqlmanager/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysqlmanager/ HTTP/1.1" 301 276 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/php-myadmin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpmy-admin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/webadmin/ HTTP/1.1" 301 272 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sqlweb/ HTTP/1.1" 301 270 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/websql/ HTTP/1.1" 301 270 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/webdb/ HTTP/1.1" 301 269 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysqladmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql-admin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/phpmyadmin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/phpMyAdmin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/sysadmin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/sqladmin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/db/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/web/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/admin/pMA/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/pma/ HTTP/1.1" 301 273 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/db/ HTTP/1.1" 301 272 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/web/ HTTP/1.1" 301 273 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/pMA/ HTTP/1.1" 301 273 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/admin/ HTTP/1.1" 500 182 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/dbadmin/ HTTP/1.1" 301 277 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/sqlmanager/ HTTP/1.1" 301 280 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/mysql/mysqlmanager/ HTTP/1.1" 301 282 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/phpmanager/ HTTP/1.1" 301 278 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/php-myadmin/ HTTP/1.1" 301 279 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/phpmy-admin/ HTTP/1.1" 301 279 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/sql/ HTTP/1.1" 301 271 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/myadmin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/webadmin/ HTTP/1.1" 301 276 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/sqlweb/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/websql/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/webdb/ HTTP/1.1" 301 273 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/sqladmin/ HTTP/1.1" 301 276 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/sql-admin/ HTTP/1.1" 301 277 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/phpmyadmin2/ HTTP/1.1" 301 279 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/phpMyAdmin2/ HTTP/1.1" 301 279 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/sql/phpMyAdmin/ HTTP/1.1" 301 278 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/phpmyadmin/ HTTP/1.1" 301 283 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/phpMyAdmin/ HTTP/1.1" 301 283 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/database/ HTTP/1.1" 301 281 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/phpmyadmin2/ HTTP/1.1" 301 284 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/phpMyAdmin2/ HTTP/1.1" 301 284 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/database/phpMyAdmin/ HTTP/1.1" 301 283 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/myadmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/webadmin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/dbweb/ HTTP/1.1" 301 272 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/websql/ HTTP/1.1" 301 273 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/webdb/ HTTP/1.1" 301 272 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/dbadmin/ HTTP/1.1" 301 274 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/db-admin/ HTTP/1.1" 301 275 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpmyadmin2/ HTTP/1.1" 301 278 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpMyAdmin2/ HTTP/1.1" 301 278 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpMyAdmin-2/ HTTP/1.1" 301 279 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.8.1-all-languages-utf-8-only/ HTTP/1.1" 301 308 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.8.1-all-languages/ HTTP/1.1" 301 297 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.7.1-all-languages-utf-8-only/ HTTP/1.1" 301 308 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.7.1-all-languages/ HTTP/1.1" 301 297 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.6-all-languages/ HTTP/1.1" 301 295 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin-2.11.5.1-all-languages/ HTTP/1.1" 301 297 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/administrator/phpmyadmin/ HTTP/1.1" 301 288 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/administrator/phpMyAdmin/ HTTP/1.1" 301 288 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/administrator/db/ HTTP/1.1" 301 280 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/administrator/web/ HTTP/1.1" 301 281 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/phpmyadmin/ HTTP/1.1" 301 288 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/phpMyAdmin/ HTTP/1.1" 301 288 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/pma/ HTTP/1.1" 301 281 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/db/ HTTP/1.1" 301 280 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/web/ HTTP/1.1" 301 281 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/PMA/ HTTP/1.1" 301 281 "-" "revolt"
75.126.53.106 - - [16/Dec/2009:16:11:09 -0600] "HEAD http://174.143.180.107:80/administrator/admin/ HTTP/1.1" 500 182 "-" "revolt"

This Dallas host with the user agent "revolt" managed to try ninety-seven different combinations of phpMyAdmin URLs within a matter of three seconds. Had they hit a correct URL and encountered a MySQL installation with a default root login, they would have easily gained access to any internal information the MySQL server might be storing. This includes--but is not limited to--e-mail accounts, personal visitor information, and database schema. With this power, one can easily trash a complete MySQL server installation, perhaps beyond a point of recovery.
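A sweep like the one above is easy to pick out of an access log after the fact: one client requesting many distinct admin-panel-style paths within a few seconds. The following is an added example, not part of the original post. The function names, the keyword list, and the thresholds (five distinct paths in ten seconds) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')
# Heuristic keyword list built from the probed paths in the log above (an assumption).
PANEL_RE = re.compile(r'phpmy|pma|myadmin|sql|dbadmin|webdb|/db/', re.I)

def parse(line):
    """Return (ip, timestamp, path), or None for a line that does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    # The scanner sent absolute URIs ("HEAD http://host:80/pma/"); keep only the path.
    return m['ip'], ts, urlsplit(m['target']).path or '/'

def find_panel_scans(lines, min_paths=5, window=timedelta(seconds=10)):
    """Map each client IP to the largest number of distinct admin-panel-like
    paths it requested inside one window, if that number reaches min_paths."""
    hits = defaultdict(list)                      # ip -> [(timestamp, path)]
    for ip, ts, path in filter(None, map(parse, lines)):
        if PANEL_RE.search(path):
            hits[ip].append((ts, path))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                        # slide the window forward
            distinct = len({p for _, p in events[start:end + 1]})
            if distinct >= min_paths:
                flagged[ip] = max(flagged.get(ip, 0), distinct)
    return flagged

# Six lines copied from the log above, then two constructed lines from an ordinary visitor.
SAMPLE = [
    '75.126.53.106 - - [16/Dec/2009:16:11:07 -0600] "HEAD http://174.143.180.107:80/phpmyadmin/ HTTP/1.1" 301 274 "-" "revolt"',
    '75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/phpMyAdmin/ HTTP/1.1" 301 274 "-" "revolt"',
    '75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/PMA/ HTTP/1.1" 301 267 "-" "revolt"',
    '75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/dbadmin/ HTTP/1.1" 301 271 "-" "revolt"',
    '75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/ HTTP/1.1" 301 266 "-" "revolt"',
    '75.126.53.106 - - [16/Dec/2009:16:11:08 -0600] "HEAD http://174.143.180.107:80/db/phpmyadmin/ HTTP/1.1" 301 277 "-" "revolt"',
    '192.0.2.10 - - [16/Dec/2009:16:12:30 -0600] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [16/Dec/2009:16:12:41 -0600] "GET /sql-tutorial.html HTTP/1.1" 200 8342 "-" "Mozilla/5.0"',
]
```

Calling find_panel_scans(SAMPLE) flags only the scanning host; the ordinary visitor's single keyword match stays under the threshold.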

phpMyAdmin Layers of Security

  • Change the default phpMyAdmin URL and port
  • Set restrictions with .htaccess or .htpasswd file
  • Disable root logins
  • Create a user with limited privileges
  • Use encryption (SSL) for connections with phpMyAdmin

We are only discussing phpMyAdmin and MySQL, but the same applies to any server software where critical information is exchanged between two computers. Remember, each new layer of security puts another door between an attacker and your internal information.
