Am I being hacked? Code question

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • TrixieSixx
    Registered User
    • Jan 2012
    • 4

    #1

    Am I being hacked? Code question

    I have no web training, but really enjoy being thrown into it unexpectedly, and have been on the lookout for hackers. The old webmaster used a "backdoor" into the site, and deleted some pages, so I try to keep an eye on the access log to see who has been looking at what.

    I came across a bunch of these types of codes:

    "GET /phpMyAdmin-2/index.php HTTP/1.1"
    "GET /phpMyAdmin/index.php HTTP/1.1"
    "GET /mysqladmin/index.php HTTP/1.1"
    "GET /db/index.php HTTP/1.1"

    It's a strange IP also, in another country, I have blocked it to be safe, but I wasn't sure if this was a way into the site? I don't want to go on a blocking rampage, but I don't normally see anyone trying to access anything php related, any insight is helpful.
    Thanks,
    Trix
  • livexxx
    Confirmed User
    • May 2005
    • 1201

    #2
    They are phishing to see if you have admin/maintainance software on the site. You'll probably see a load of other types from that same IP as they run through known software that might be left on the site. Check of course that software isnt sitting on your site
    http://www.webcamalerts.com for auto tweets for web cam operators

    Comment

    • TrixieSixx
      Registered User
      • Jan 2012
      • 4

      #3
      it's an old site, with many hands that have been in it, I wouldn't know where to look, but that answer definitely helped to steer me in the right direction.
      many thanks!
      Trix

      Comment

      • Kostly
        Confirmed User
        • Oct 2011
        • 474

        #4
        Backup ASAP, and upgrade your software (if possible).
        Slippery Onion - Upload Images for Free Backlinks
        Our Kinky Life - Our Adult Sites

        Comment

        • TrixieSixx
          Registered User
          • Jan 2012
          • 4

          #5
          there is software involved? I access the site through c-panel, and have no knowledge of any upgrades that could be made. When the hack occurred (and the lawyers have ok'd me to talk about it), he was caught red-handed logging in with his own username, and two pages I was updating disappeared when he accessed them (I was accused of deleting them, by the hosting company, but I didn't). We are moving to a new server, but I still have years and years of files sitting around, not sure where to look for anything.

          Comment

          • cgiGeek
            Confirmed User
            • Jan 2002
            • 203

            #6
            Originally posted by TrixieSixx
            I have no web training, but really enjoy being thrown into it unexpectedly, and have been on the lookout for hackers. The old webmaster used a "backdoor" into the site, and deleted some pages, so I try to keep an eye on the access log to see who has been looking at what.

            I came across a bunch of these types of codes:

            "GET /phpMyAdmin-2/index.php HTTP/1.1"
            "GET /phpMyAdmin/index.php HTTP/1.1"
            "GET /mysqladmin/index.php HTTP/1.1"
            "GET /db/index.php HTTP/1.1"

            It's a strange IP also, in another country, I have blocked it to be safe, but I wasn't sure if this was a way into the site? I don't want to go on a blocking rampage, but I don't normally see anyone trying to access anything php related, any insight is helpful.
            Thanks,
            Trix
            if those have a code like 404 dont worry
            if code is 2xx page was found depending how old it is you may have been hacked,
            phpmyadmin is one of the mose insecure pieces of software out there, you should not have it unprotected, delete all the phpmyadmin installs , install a private secure by ip/login one save your self some headaches
            Need help dealing with a hacked website? Contact me via icq 163583431 :D
            Premium Bandwidth Managed Servers, 12 Years in business xxxHOSTit.com
            I work for xxxhostit.com

            Comment

            Working...