They seem to come in waves. Every now and again I get a flood of these as some new scriptkiddie has a go

Keith


On 26 January 2014 11:20, Mike Zanker <mike@zanker.org> wrote:
Since around 05:00 today I've seen a great increase in attacks against
httpd. I've currently got 18 IP addresses blocked by fail2ban (compared
with the usual one or two per day). I'm matching as follows:

failregex = \[client <HOST>\] File does not exist:.*(?i)admin.*
            \[client <HOST>\] File does not exist:.*(?i)manager.*
            \[client <HOST>\] File does not exist:.*(?i)setup.*
            \[client <HOST>\] File does not exist:.*(?i)mysql.*
            \[client <HOST>\] File does not exist:.*(?i)sqlweb.*
            \[client <HOST>\] File does not exist:.*(?i)webdb.*
            \[client <HOST>\] File does not exist:.*(?i)pma.*
            \[client <HOST>\] File does not exist:.*(?i)vtigercrm.*
            \[client <HOST>\] File does not exist:.*(?i)w00tw00t.*
            \[client <HOST>\] File does not exist:.*(?i)xampp.*
            \[client <HOST>\] File does not exist:.*(?i)phpTest.*

Most of the attacks are against phpmyadmin and phpTest and are
far-eastern IP addresses.

I'm not particularly concerned, just curious whether it's me being
targeted or just a sweep of Bitfolk subnets.

Thanks,

Mike

_______________________________________________
users mailing list
users@lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users



--
Keith Williams
 
Keith's Place  www.keiths-place.co.uk
 
Tailor Made English   www.tmenglish.org
 
West Norfolk RSPCA www.westnorfolkrspca.org.uk