About attacks on phpMyAdmin

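There was an attack against phpMyAdmin on my home server.

I think cracking attempts through web-based applications have been increasing recently. If you have phpMyAdmin installed on your server, please take care and apply countermeasures.

"Countermeasures"

・Put BASIC authentication on phpMyAdmin with a .htaccess file or similar, and restrict where it can be accessed from.

・Rename phpMyAdmin to something unique that cannot be guessed.
・Avoid installing phpMyAdmin wherever possible.

・Update the kernel to a newer version (to prevent root privileges from being taken over).

・Use the latest version, phpMyAdmin 2.11.9.5 or phpMyAdmin 3.1.31.
・Check whether config/config.inc.php exists, and delete it if it does.

Partly quoted from: http://www.nttdata-sec.co.jp/article/vulner/pdf/report20090615.pdf

The log below is the access log of requests that came probing for phpMyAdmin vulnerabilities.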

58.242.3.10 - - [30/Jul/2010:23:37:17 +0900] "GET /phpMyAdmin-2.11.1/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.10/scripts/setup.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.2/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.3/scripts/setup.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.4/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.5/scripts/setup.php HTTP/1.1" 404 201 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.6/scripts/setup.php HTTP/1.1" 404 201 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.7/scripts/setup.php HTTP/1.1" 404 201 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.11.8/scripts/setup.php HTTP/1.1" 404 202 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.11.9/scripts/setup.php HTTP/1.1" 404 201 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.3.0/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.3.1/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:19 +0900] "GET /phpMyAdmin-2.3.2/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:20 +0900] "GET /phpMyAdmin-2.3.3/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:20 +0900] "GET /phpMyAdmin-2.3.4/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:20 +0900] "GET /phpMyAdmin-2.3.5/scripts/setup.php HTTP/1.1" 404 199 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:20 +0900] "GET /phpMyAdmin-2.3.6/scripts/setup.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6"

58.242.3.10 - - [30/Jul/2010:23:37:20 +0900] "GET /phpMyAdmin-2.3.7/scripts/setup.php HTTP/1.1" 404 200 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:9.2.6) Gecko/20100625 Firefox/3.6.6"

Error log

[Mon Oct 25 23:03:54 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin
[Mon Oct 25 23:03:55 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2
[Mon Oct 25 23:03:56 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/php-my-admin
[Mon Oct 25 23:03:57 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.2.3
[Mon Oct 25 23:03:58 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.2.6
[Mon Oct 25 23:03:59 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.1
[Mon Oct 25 23:03:59 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.4
[Mon Oct 25 23:04:00 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.5-rc1
[Mon Oct 25 23:04:01 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.5-rc2
[Mon Oct 25 23:04:02 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.5
[Mon Oct 25 23:04:03 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.5-pl1
[Mon Oct 25 23:04:04 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.6-rc1
[Mon Oct 25 23:04:05 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.6-rc2
[Mon Oct 25 23:04:06 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.6
[Mon Oct 25 23:04:07 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.7
[Mon Oct 25 23:04:08 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.5.7-pl1
[Mon Oct 25 23:04:09 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-alpha
[Mon Oct 25 23:04:10 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-alpha2
[Mon Oct 25 23:04:11 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-beta1
[Mon Oct 25 23:04:12 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-beta2
[Mon Oct 25 23:04:13 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-rc1
[Mon Oct 25 23:04:14 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-rc2
[Mon Oct 25 23:04:15 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-rc3
[Mon Oct 25 23:04:16 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0
[Mon Oct 25 23:04:20 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-pl1
[Mon Oct 25 23:04:21 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-pl2
[Mon Oct 25 23:04:22 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.0-pl3
[Mon Oct 25 23:04:23 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.1-rc1
[Mon Oct 25 23:04:24 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.1-rc2
[Mon Oct 25 23:04:25 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.1
[Mon Oct 25 23:04:25 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.1-pl1
[Mon Oct 25 23:04:26 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.1-pl2
[Mon Oct 25 23:04:30 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-rc1
[Mon Oct 25 23:04:31 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-beta1
[Mon Oct 25 23:04:32 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-rc1
[Mon Oct 25 23:04:33 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2
[Mon Oct 25 23:04:34 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-pl1
[Mon Oct 25 23:04:35 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.3
[Mon Oct 25 23:04:30 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-rc1
[Mon Oct 25 23:04:31 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-beta1
[Mon Oct 25 23:04:32 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-rc1
[Mon Oct 25 23:04:33 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2
[Mon Oct 25 23:04:34 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.2-pl1
[Mon Oct 25 23:04:35 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.3
[Mon Oct 25 23:04:36 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.3-rc1
[Mon Oct 25 23:04:37 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.3
[Mon Oct 25 23:04:38 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.3-pl1
[Mon Oct 25 23:04:39 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4-rc1
[Mon Oct 25 23:04:40 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4-pl1
[Mon Oct 25 23:04:41 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4-pl2
[Mon Oct 25 23:04:42 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4-pl3
[Mon Oct 25 23:04:43 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4-pl4
[Mon Oct 25 23:04:44 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.6.4
[Mon Oct 25 23:04:45 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.7.0-beta1
[Mon Oct 25 23:04:46 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.7.0-rc1
[Mon Oct 25 23:04:46 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.7.0-pl1
[Mon Oct 25 23:04:47 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.7.0-pl2
[Mon Oct 25 23:04:48 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.7.0
[Mon Oct 25 23:04:49 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0-beta1
[Mon Oct 25 23:04:50 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0-rc1
[Mon Oct 25 23:04:51 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0-rc2
[Mon Oct 25 23:04:52 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0
[Mon Oct 25 23:04:55 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0.1
[Mon Oct 25 23:04:56 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.0.2
[Mon Oct 25 23:05:03 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.1-rc1
[Mon Oct 25 23:05:04 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.1
[Mon Oct 25 23:05:05 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin-2.8.2
[Mon Oct 25 23:05:06 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/sqlmanager
[Mon Oct 25 23:05:07 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/mysqlmanager
[Mon Oct 25 23:05:08 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/p
[Mon Oct 25 23:05:08 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/PMA2005
[Mon Oct 25 23:05:09 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/pma2005
[Mon Oct 25 23:05:11 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpmanager
[Mon Oct 25 23:05:12 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/php-myadmin
[Mon Oct 25 23:05:13 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpmy-admin
[Mon Oct 25 23:05:13 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/webadmin
[Mon Oct 25 23:05:14 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/sqlweb
[Mon Oct 25 23:05:15 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/websql
[Mon Oct 25 23:05:15 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/webdb
[Mon Oct 25 23:05:16 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/mysqladmin
[Mon Oct 25 23:05:17 2010] [error] [client ] File does not exist: /var/www/html/mysql-admin
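
To spot this kind of scan in your own logs, the following added example (not code from the original post) groups requests for phpMyAdmin-style directory names by client across both log formats shown above, and singles out any probe that did not return 404. The sample lines are taken from the logs above with the user-agent shortened and plain ASCII quotes; the two `192.0.2.x` lines, the `PROBE` pattern and the `min_paths` threshold are assumptions made for the example.

```python
import re
from collections import defaultdict

# Apache combined access log: client, request path, status.
ACCESS = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
# Apache 2.2 error log; the client field can be empty, as in the page's last line.
ERROR = re.compile(r'^\[[^\]]+\] \[error\] \[client ([^\]]*)\] File does not exist: (\S+)')
# Directory names requested in the page's logs (phpMyAdmin and look-alikes).
PROBE = re.compile(r'/(php-?my-?admin|pma\d*|(my)?sql-?(admin|manager|web)|web(sql|db|admin)|phpmanager)', re.I)

UA = '"-" "Mozilla/5.0"'  # user-agent shortened for the sample
SAMPLE = [  # first seven: from the page's logs; last two: constructed
    f'58.242.3.10 - - [30/Jul/2010:23:37:17 +0900] "GET /phpMyAdmin-2.11.1/scripts/setup.php HTTP/1.1" 404 199 {UA}',
    f'58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.2/scripts/setup.php HTTP/1.1" 404 199 {UA}',
    f'58.242.3.10 - - [30/Jul/2010:23:37:18 +0900] "GET /phpMyAdmin-2.11.3/scripts/setup.php HTTP/1.1" 404 200 {UA}',
    '[Mon Oct 25 23:03:54 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/phpMyAdmin',
    '[Mon Oct 25 23:05:08 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/PMA2005',
    '[Mon Oct 25 23:05:15 2010] [error] [client 193.194.64.243] File does not exist: /var/www/html/websql',
    '[Mon Oct 25 23:05:17 2010] [error] [client ] File does not exist: /var/www/html/mysql-admin',
    f'192.0.2.7 - - [26/Oct/2010:01:00:00 +0900] "GET /pma/scripts/setup.php HTTP/1.1" 200 512 {UA}',
    f'192.0.2.8 - - [26/Oct/2010:01:00:05 +0900] "GET /index.html HTTP/1.1" 200 1024 {UA}',
]

def parse(line):
    """Return (client, path, status) or None; error-log misses count as 404."""
    m = ACCESS.match(line)
    if m:
        return m.group(1), m.group(2), int(m.group(3))
    m = ERROR.match(line)
    if m:
        return m.group(1).strip() or "unknown", m.group(2), 404
    return None

def find_scanners(lines, min_paths=3):
    """Group probe requests by client; report distinct paths and any that did not 404."""
    probes, hits = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None or not PROBE.search(rec[1]):
            continue
        client, path, status = rec
        probes[client].add(path)
        if status != 404:
            hits[client].add(path)  # the path exists: review that install first
    return {c: {"paths": len(p), "hits": sorted(hits[c])}
            for c, p in probes.items() if len(p) >= min_paths or hits[c]}

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

A client with an empty `hits` list found nothing; any entry in `hits` is a probed path that actually exists on the server and is where the countermeasures above should be checked first.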
