Logwatch contents
Posted: 02 Mar 2016, 05:58
Normally my logwatch contents sent to me from my B3 each day are boring. This I think is a good place to be. However, day yesterday the following was part of the contents. Before shooting off down a dead end I'd be interested in the views of anyone who understands Apache.
To me it looks like somebody from 137.226.113.7 as been trying to poke around trying myadmin and phpMyAdmin. whois says the owner is Andreas Schreiber at RWTH Aachen University.
I had port forwarding set up on my router for http and https so I could access information on the B3 remotely. I've closed them for now. Makes me think I should put equivalent of logwatch on my second B3 which has been running Arch.
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
137.226.113.7
Requests with error response codes
400 Bad Request
/: 3 Time(s)
404 Not Found
//MyAdmin/scripts/setup.php: 1 Time(s)
//cgi-bin/php-cgi: 1 Time(s)
//cgi-bin/php.cgi: 1 Time(s)
//cgi-bin/php4: 1 Time(s)
//myadmin/scripts/setup.php: 1 Time(s)
//phpMyAdmin/scripts/setup.php: 1 Time(s)
//phpmyadmin/scripts/setup.php: 1 Time(s)
//pma/scripts/setup.php: 1 Time(s)
/index.php: 1 Time(s)
/muieblackcat: 1 Time(s)
/myadmin/scripts/setup.php: 1 Time(s)
/phpMyAdmin/scripts/setup.php: 1 Time(s)
/pma/scripts/setup.php: 1 Time(s)
http://www.baidu.com/robots.txt: 1 Time(s)
405 Method Not Allowed
/: 21 Time(s)
/.well-known/carddav: 21 Time(s)
/principals/: 21 Time(s)
408 Request Timeout
null: 1 Time(s)
500 Internal Server Error
//cgi-bin/php: 1 Time(s)
//cgi-bin/php5: 1 Time(s)
---------------------- httpd End -------------------------
To me it looks like somebody from 137.226.113.7 as been trying to poke around trying myadmin and phpMyAdmin. whois says the owner is Andreas Schreiber at RWTH Aachen University.
I had port forwarding set up on my router for http and https so I could access information on the B3 remotely. I've closed them for now. Makes me think I should put equivalent of logwatch on my second B3 which has been running Arch.
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
137.226.113.7
Requests with error response codes
400 Bad Request
/: 3 Time(s)
404 Not Found
//MyAdmin/scripts/setup.php: 1 Time(s)
//cgi-bin/php-cgi: 1 Time(s)
//cgi-bin/php.cgi: 1 Time(s)
//cgi-bin/php4: 1 Time(s)
//myadmin/scripts/setup.php: 1 Time(s)
//phpMyAdmin/scripts/setup.php: 1 Time(s)
//phpmyadmin/scripts/setup.php: 1 Time(s)
//pma/scripts/setup.php: 1 Time(s)
/index.php: 1 Time(s)
/muieblackcat: 1 Time(s)
/myadmin/scripts/setup.php: 1 Time(s)
/phpMyAdmin/scripts/setup.php: 1 Time(s)
/pma/scripts/setup.php: 1 Time(s)
http://www.baidu.com/robots.txt: 1 Time(s)
405 Method Not Allowed
/: 21 Time(s)
/.well-known/carddav: 21 Time(s)
/principals/: 21 Time(s)
408 Request Timeout
null: 1 Time(s)
500 Internal Server Error
//cgi-bin/php: 1 Time(s)
//cgi-bin/php5: 1 Time(s)
---------------------- httpd End -------------------------