My Internet Notebook

a journal on software, mobile, marketing

Archive for August, 2005

It is a Jungle Out There

leave a comment

I was browsing my web server log file and noticed a few strange lines. It seems someone is trying to explore possible break-ins through known security holes, e.g. sql injections holes of many php-mysql based discussion forums program.

82.77.150.112 7168 [05/Aug/2005:03:31:41 -0700] “GET /forum/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:42 -0700] “GET /phpBB/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:43 -0700] “GET / HTTP/1.1” 404 0 206
82.77.150.112 7168 [05/Aug/2005:03:31:43 -0700] “GET /forums/ HTTP/1.1” 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:31:44 -0700] “GET /phpbb/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:50 -0700] “GET /board/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:31:54 -0700] “GET /boards/ HTTP/1.1” 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:31:58 -0700] “GET /phpBB2/ HTTP/1.1” 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:01 -0700] “GET /msgboard/ HTTP/1.1” 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:05 -0700] “GET /foros/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:32:09 -0700] “GET /portal/ HTTP/1.1” 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:09 -0700] “GET /discussion/ HTTP/1.1” 404 0 217
82.77.150.112 7168 [05/Aug/2005:03:32:10 -0700] “GET /nar/ HTTP/1.1” 404 0 210
82.77.150.112 7168 [05/Aug/2005:03:32:13 -0700] “GET /html/forum/ HTTP/1.1” 404 0 217
82.77.150.112 7168 [05/Aug/2005:03:32:13 -0700] “GET /html/forums/ HTTP/1.1” 404 0 218
82.77.150.112 7168 [05/Aug/2005:03:32:14 -0700] “GET /Forum/ HTTP/1.1” 404 0 212
82.77.150.112 7168 [05/Aug/2005:03:32:18 -0700] “GET /Forums/ HTTP/1.1” 404 0 213
82.77.150.112 7168 [05/Aug/2005:03:32:24 -0700] “GET /bb/ HTTP/1.1” 404 0 209
82.77.150.112 7168 [05/Aug/2005:03:32:24 -0700] “GET /ugboard/ HTTP/1.1” 404 0 214
82.77.150.112 7168 [05/Aug/2005:03:32:28 -0700] “GET /ugboards/ HTTP/1.1” 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:28 -0700] “GET /newboard/ HTTP/1.1” 404 0 215
82.77.150.112 7168 [05/Aug/2005:03:32:35 -0700] “GET /newboards/ HTTP/1.1” 404 0 216
82.77.150.112 7168 [05/Aug/2005:03:32:35 -0700] “GET /members/phpBB/ HTTP/1.1” 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:39 -0700] “GET /members/phpBB2/ HTTP/1.1” 404 0 221
82.77.150.112 7168 [05/Aug/2005:03:32:43 -0700] “GET /members/phpbb/ HTTP/1.1” 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:46 -0700] “GET /portal/forum/ HTTP/1.1” 404 0 219
82.77.150.112 7168 [05/Aug/2005:03:32:49 -0700] “GET /portal/forums/ HTTP/1.1” 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:32:55 -0700] “GET /bbs/ HTTP/1.1” 404 0 210
82.77.150.112 7168 [05/Aug/2005:03:32:58 -0700] “GET /bulletinboard/ HTTP/1.1” 404 0 220
82.77.150.112 7168 [05/Aug/2005:03:33:02 -0700] “GET /bulletinboards/ HTTP/1.1” 404 0 221

I think that this is a reminder that no one is really safe on the internet and if you run at website, make sure you keep with security patches.
Btw, the IP address was traced back to Romania.

Written by Y.

August 5th, 2005 at 10:10 am

Posted in Security