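Have I been hacked through PHPMyAdmin?

Time: 2018-06-28 12:20:45

Tags: phpmyadmin

I pulled this out of my access log; after some reading I found that this is a possible vulnerability in phpmyadmin. How can I tell whether their attack succeeded?

Here is the access log for this particular set of instructions.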

103.101.177.22 - - [28/Jun/2018:11:52:05 +0000] "GET /webdav/ HTTP/1.1" 302 543 "-" "-"
103.101.177.22 - - [28/Jun/2018:11:52:05 +0000] "POST /wuwu11.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:07 +0000] "POST /xw.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:07 +0000] "POST /xx.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:08 +0000] "POST /s.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:08 +0000] "POST /w.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:09 +0000] "POST /db.init.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
::1 - - [28/Jun/2018:11:52:09 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
103.101.177.22 - - [28/Jun/2018:11:52:10 +0000] "POST /db_session.init.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:10 +0000] "POST /sheep.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
::1 - - [28/Jun/2018:11:52:10 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
::1 - - [28/Jun/2018:11:52:11 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
103.101.177.22 - - [28/Jun/2018:11:52:12 +0000] "GET /index.php HTTP/1.1" 200 15959 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:13 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 401 729 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /pmd/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /pma/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /PMA/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:15 +0000] "GET /PMA2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:15 +0000] "GET /pmamy/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:15 +0000] "GET /pmamy2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:15 +0000] "GET /mysql/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:16 +0000] "GET /admin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:16 +0000] "GET /db/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:17 +0000] "GET /dbadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:17 +0000] "GET /web/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:17 +0000] "GET /admin/pma/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:17 +0000] "GET /admin/PMA/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:18 +0000] "GET /admin/mysql/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:18 +0000] "GET /admin/mysql2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:18 +0000] "GET /admin/phpmyadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:19 +0000] "GET /admin/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:19 +0000] "GET /admin/phpmyadmin2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:19 +0000] "GET /mysqladmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:19 +0000] "GET /mysql-admin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:20 +0000] "GET /phpadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:20 +0000] "GET /phpmyadmin0/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:21 +0000] "GET /phpmyadmin1/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:21 +0000] "GET /phpmyadmin2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:21 +0000] "GET /myadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:21 +0000] "GET /myadmin2/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:22 +0000] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:22 +0000] "GET /phpMyadmin_bak/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:22 +0000] "GET /www/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:22 +0000] "GET /tools/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:23 +0000] "GET /phpmyadmin-old/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:23 +0000] "GET /phpMyAdminold/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:23 +0000] "GET /phpMyAdmin.old/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:24 +0000] "GET /pma-old/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:24 +0000] "GET /claroline/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:25 +0000] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:25 +0000] "GET /phpma/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:26 +0000] "GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1" 401 729 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:26 +0000] "GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"

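1 answer:

Answer 0: (score: 1)

That is not evidence of being hacked.
It looks like someone tried to access a phpmyadmin installation. Because phpmyadmin can be included in different ways, which leads to different URL paths, they tried all the known paths in the hope of getting a valid response.
Among the default paths you can find some where phpmyadmin is installed as a submodule of a CMS. I know TYPO3, and the phpmyadmin module is located in /typo3conf/ext/phpmyadmin/. /typo3/ is usually just a symlink to the TYPO3 source code, with no external modules like phpmyadmin.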
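An added example, not part of the original answer: one way to check the scan described above is to group the access log by client and bucket each probed path by response status, so that anything the server actually served stands out from the redirects. The function names, the `min_paths` threshold and the `expected` path list are assumptions of this example; the sample lines are a subset copied from the log in the question.

```python
import re
from collections import defaultdict

# Apache combined log format: client, timestamp, request line, status, size.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Subset of the access log lines posted in the question.
SAMPLE_LOG = '''\
103.101.177.22 - - [28/Jun/2018:11:52:05 +0000] "POST /wuwu11.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:07 +0000] "POST /xw.php HTTP/1.1" 302 543 "-" "Mozilla/5.0"
::1 - - [28/Jun/2018:11:52:09 +0000] "OPTIONS * HTTP/1.0" 200 126 "-" "Apache/2.4.18 (Ubuntu) OpenSSL/1.0.2g (internal dummy connection)"
103.101.177.22 - - [28/Jun/2018:11:52:12 +0000] "GET /index.php HTTP/1.1" 200 15959 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:13 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 401 729 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:14 +0000] "GET /pma/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:25 +0000] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 302 579 "-" "Mozilla/5.0"
103.101.177.22 - - [28/Jun/2018:11:52:26 +0000] "GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1" 401 729 "-" "Mozilla/5.0"
'''

def parse(log_text):
    """Yield one dict per line that matches the combined log format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"] = int(rec["status"])
            yield rec

def triage(log_text, min_paths=5, expected=("/", "/index.php")):
    """For clients that probed >= min_paths distinct paths (assumed threshold), bucket by status."""
    by_client = defaultdict(list)
    for rec in parse(log_text):
        by_client[rec["client"]].append(rec)
    report = {}
    for client, recs in by_client.items():
        paths = {r["path"] for r in recs}
        if len(paths) < min_paths:
            continue  # too few distinct paths to look like a path-guessing scan
        report[client] = {
            "paths": len(paths),
            "served": sorted(r["path"] for r in recs  # 2xx on a path the site does not normally serve
                             if 200 <= r["status"] < 300 and r["path"] not in expected),
            "auth_required": sorted(r["path"] for r in recs if r["status"] == 401),
            "redirected": sum(1 for r in recs if 300 <= r["status"] < 400),
        }
    return report
```

On the sample lines the `served` list is empty, and the two `auth_required` entries are the paths where the server asked for credentials instead of serving a page.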