Welcome Guest | Login

Am I being Hacked?

One of my users reported an application error, so I check the logs. It looked like MYSQL was not running (see last error). I browsed the rest of the logs and came upon a strange set of errors looking like someone was hacking into PHPMyAdmin.  Has anyone else encountered such a thing?


Processing ApplicationController#index (for 206.53.51.217 at 2008-03-16 10:20:58) [GET]
 Session ID: 73bfb6770962bc33727ba094cf273738
 Parameters: {}ActionController::RoutingError (no route found to match "/phpmyadmin/main.php" with {:method=>:get}):

ActionController::RoutingError (no route found to match "/phpMyAdmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PHPMYADMIN/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/pHpMyAdMiN/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PhPmYaDmIn/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PHPmyadmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PHPMYadmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMYadmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpmyADMIN/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/pmamy/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/pma/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PMA/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/myadmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/MYADMIN/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/MYadmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/myADMIN/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/MyAdmin/main.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/PMA/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpmyadmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/mysql/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/admin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/db/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/dbadmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/web/phpMyAdmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/admin/pma/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/admin/phpmyadmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpmyadmin2/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/mysqladmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/mysql-admin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.5.6/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.5.4/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.5.1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.2.3/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.9.1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.9.0/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.9.0.2/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.9.0.1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.8.2.4/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.8.2.4/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.8.2.1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.7.0-pl2/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.7.0/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.6.4-pl4/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.6.4/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.8.1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.2.6/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.2.7/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.2.7-pl1/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpMyAdmin-2.2.0/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/myadmin/main.phpmain.php" with {:method=>:get}):
ActionController::RoutingError (no route found to match "/phpmyadmin/test.phpmain.php" with {:method=>:get}):

----------------------------------------------------------

Processing ApplicationController#index (for 208.53.138.16 at 2008-03-17 12:22:06) [GET]
 Session ID: 9c8a356429bac9bd65d1102c77684f17
 Parameters: {}
ActionController::RoutingError (no route found to match "/pt.php" with {:method=>:get}):

----------------------------------------------------------

Processing ApplicationController#index (for 58.147.23.2 at 2008-03-17 18:45:16) [GET]
 Session ID: 0fd58cbd327c62eeb2b5b6a12a2ac675
 Parameters: {}
ActionController::RoutingError (no route found to match "/cacti/cmd.php" with {:method=>:get}):

----------------------------------------------------------

Processing AccountController#login (for 204.116.42.54 at 2008-03-18 08:03:31) [POST]
 Session ID: 6a9657a61cd62fb647bf371c2f21d0b8
 Parameters: {"commit"=>"Log in", "action"=>"login", "controller"=>"account", "login"=>"[FILTERED]", "password"=>"[FILTERED]"}

Mysql::Error (Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111)):

2008-03-18 10:49 AM

Yes - unfortunately these kind of hacking attempts are very common.  We have them coming from different IPs to many servers through many sites non-stop 24/7 - the best thing you can do is report the offending IPs to support and they'll get them blocked at the firewall level ASAP and take appropriate action to report the abuse.  

2008-03-18 02:35 PM


Hello Guest! In order to post you must be an active client with us, please log in or sign up today!