GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Webmaster Q & Fuckin' A (https://gfy.com/forumdisplay.php?f=27)
-   -   Am I being hacked? Code question (https://gfy.com/showthread.php?t=1063363)

TrixieSixx 04-03-2012 01:15 PM
Am I being hacked? Code question
 
I have no web training, but really enjoy being thrown into it unexpectedly, and have been on the lookout for hackers. The old webmaster used a "backdoor" into the site, and deleted some pages, so I try to keep an eye on the access log to see who has been looking at what.

I came across a bunch of these types of codes:

"GET /phpMyAdmin-2/index.php HTTP/1.1"
"GET /phpMyAdmin/index.php HTTP/1.1"
"GET /mysqladmin/index.php HTTP/1.1"
"GET /db/index.php HTTP/1.1"

It's a strange IP also, in another country, I have blocked it to be safe, but I wasn't sure if this was a way into the site? I don't want to go on a blocking rampage, but I don't normally see anyone trying to access anything php related, any insight is helpful.
Thanks,
Trix

livexxx 04-03-2012 01:50 PM
They are phishing to see if you have admin/maintainance software on the site. You'll probably see a load of other types from that same IP as they run through known software that might be left on the site. Check of course that software isnt sitting on your site

TrixieSixx 04-03-2012 07:41 PM
it's an old site, with many hands that have been in it, I wouldn't know where to look, but that answer definitely helped to steer me in the right direction.
many thanks!
Trix

Kostly 04-04-2012 02:31 PM
Backup ASAP, and upgrade your software (if possible).

TrixieSixx 04-04-2012 06:48 PM
there is software involved? I access the site through c-panel, and have no knowledge of any upgrades that could be made. When the hack occurred (and the lawyers have ok'd me to talk about it), he was caught red-handed logging in with his own username, and two pages I was updating disappeared when he accessed them (I was accused of deleting them, by the hosting company, but I didn't). We are moving to a new server, but I still have years and years of files sitting around, not sure where to look for anything.

cgiGeek 04-11-2012 01:07 PM
Quote:
Originally Posted by TrixieSixx (Post 18864025)
I have no web training, but really enjoy being thrown into it unexpectedly, and have been on the lookout for hackers. The old webmaster used a "backdoor" into the site, and deleted some pages, so I try to keep an eye on the access log to see who has been looking at what.

I came across a bunch of these types of codes:

"GET /phpMyAdmin-2/index.php HTTP/1.1"
"GET /phpMyAdmin/index.php HTTP/1.1"
"GET /mysqladmin/index.php HTTP/1.1"
"GET /db/index.php HTTP/1.1"

It's a strange IP also, in another country, I have blocked it to be safe, but I wasn't sure if this was a way into the site? I don't want to go on a blocking rampage, but I don't normally see anyone trying to access anything php related, any insight is helpful.
Thanks,
Trix
if those have a code like 404 dont worry
if code is 2xx page was found depending how old it is you may have been hacked,
phpmyadmin is one of the mose insecure pieces of software out there, you should not have it unprotected, delete all the phpmyadmin installs , install a private secure by ip/login one save your self some headaches


All times are GMT -7. The time now is 12:58 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc