PhpMyAdmin scanner

  • AndyP
    Junior Member
    • Dec 2005
    • 13

    I found this in my raw access logs:

    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpmyadmin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /PMA/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /mysql/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /db/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /dbadmin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /admin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /admin/pma/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /admin/mysql/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /mysql-admin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpmyadmin2/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /mysqladmin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /mysql-admin/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 613 "-" "pmafind"
    68.91.140.xxx - - [09/Mar/2006:16:15:08 -0600] "GET /myadmin/main.php HTTP/1.0" 404 613 "-" "pmafind"

    Note that the user agent is "pmafind". I did some research and found that this program scans for phpMyAdmin paths (as if the logs didn't speak for themselves) that are vulnerable. Supposedly there is a version that scans over 30 paths. I guess if you have phpmyadmin on any server with no password (which is dumb anyway) this might be some extra incentive to take it down.
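Added example, not part of the original post: a small detector for this kind of path scan in Apache combined-format access logs. It flags a client either by the "pmafind" user agent or, since a user agent is trivially changed, by a burst of 404s on many distinct paths. The 10-second window, the threshold of 5 paths, the `_line` helper and the sample lines (documentation IP ranges) are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(  # Apache combined log format
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
SCANNER_AGENTS = {"pmafind"}      # user agent reported in the post
WINDOW = timedelta(seconds=10)    # assumed burst window
MIN_DISTINCT_404 = 5              # assumed threshold of distinct missing paths

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None               # skip lines that are not in combined format
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["host"], ts, m["path"], int(m["status"]), m["agent"]

def find_scanners(lines):
    """Return {host: set of reasons} for clients that look like path scanners."""
    misses = defaultdict(list)    # host -> [(timestamp, path)] for 404 responses
    flagged = defaultdict(set)
    for host, ts, path, status, agent in filter(None, map(parse, lines)):
        if agent.lower() in SCANNER_AGENTS:
            flagged[host].add("agent")
        if status == 404:
            misses[host].append((ts, path))
    for host, hits in misses.items():
        hits.sort()
        start = 0                 # sliding window over this host's 404s
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > WINDOW:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= MIN_DISTINCT_404:
                flagged[host].add("404-burst")
                break
    return dict(flagged)

def _line(host, sec, path, status, agent):  # builds one constructed log line
    return (f'{host} - - [09/Mar/2006:16:15:{sec:02d} -0600] '
            f'"GET {path} HTTP/1.0" {status} 613 "-" "{agent}"')

SAMPLE = (  # constructed input: a pmafind scan, a renamed scanner, a normal visitor
    [_line("192.0.2.10", 8, f"/{d}/main.php", 404, "pmafind")
     for d in ("phpmyadmin", "PMA", "mysql", "db", "dbadmin", "admin")]
    + [_line("198.51.100.7", 20 + i, f"/{d}/main.php", 404, "Mozilla/5.0")
       for i, d in enumerate(("pma", "myadmin", "mysqladmin", "sql", "web"))]
    + [_line("203.0.113.5", 30, "/index.html", 200, "Mozilla/5.0"),
       _line("203.0.113.5", 31, "/favicon.ico", 404, "Mozilla/5.0")])
```

Calling `find_scanners(SAMPLE)` flags the first client for both reasons and the second for the 404 burst alone; the visitor with a single missing favicon is not flagged.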