Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Possible hacking attempt. How to tell if my db has been compromised

I have the following in my log file with seconds apart. I'm assuming something was trying to find my database or an admin page or something, but i'm not sure.

Should I be worried about this and how can I tell if my db has been compromised?

ERROR - 2011-09-23 20:51:42 --> 404 Page Not Found --> muieblackcat
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> PMA
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:51:47 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> mysql
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin-2
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> php-my-admin
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> phpMyAdmin-2.2.3
ERROR - 2011-09-23 20:51:51 --> 404 Page Not Found --> phpMyAdmin-2.2.6
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.1
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.4
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc1
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc2
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5-pl1
ERROR - 2011-09-23 20:51:55 --> 404 Page Not Found --> phpMyAdmin-2.5.6-rc1
ERROR - 2011-09-23 20:51:58 --> 404 Page Not Found --> phpMyAdmin-2.5.6
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7-pl1
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-beta2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc1
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc2
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc3
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl1
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl2
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl3
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc1
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc2
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl2
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl3
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-beta1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.2-pl1
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3-rc1
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.3-pl1
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.4-rc1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl2
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl3
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.6.4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.7.0-beta1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-rc1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl1
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl2
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-beta1
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc1
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc2
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0
ERROR - 2011-09-23 20:52:28 --> 404 Page Not Found --> phpMyAdmin-2.8.0.1
ERROR - 2011-09-23 20:52:34 --> 404 Page Not Found --> phpMyAdmin-2.8.0.4
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1-rc1
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> phpMyAdmin-2.8.2
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> sqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> mysqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> p
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> PMA2005
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> pma2005
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> phpmanager
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> php-myadmin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> phpmy-admin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> webadmin
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> sqlweb
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> websql
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> webdb
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysql-admin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> phpadmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpMyAdmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpmyadmin
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin1
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> pma
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> databaseadmin
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admm
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admn
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> _myadmin
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> phpMyA
ERROR - 2011-09-23 20:53:03 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> mysql2
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> phpmyadm
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php1
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php2
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> sqladm
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> myAdmin
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> pmabd
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> mydb
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> mysql_administrator
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> pma_mydb
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> webmail2
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> myphp
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> phpas
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> _pma
ERROR - 2011-09-23 20:53:17 --> 404 Page Not Found --> /scripts
ERROR - 2011-09-23 20:53:20 --> 404 Page Not Found --> _dbadmin
ERROR - 2011-09-23 20:53:24 --> 404 Page Not Found --> _admin
ERROR - 2011-09-23 20:53:27 --> 404 Page Not Found --> _phpMyAdmin
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> sql
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> _sql
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> my-php
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> My-php
like image 818
Catfish Avatar asked Sep 26 '11 15:09

Catfish


People also ask

What are some signs that a system has been compromised?

Unusual log entries such as network connections to unfamiliar machines or services, login failures. New files of unknown origin and function. Unexplained changes or attempt to change file sizes, check sums, date/time stamps, especially those related to system binaries or configuration files.

Which of the following is a common indicator that your account might be compromised?

Unnecessary or out-of-use accounts. Insecure inbox configurations. Risky data access rules in apps. Password redundancies in different accounts.

How do databases get compromised?

Attackers can exploit buffer overflows, SQL Injection, etc. in order to own the database server. The attack could be through a web application by exploiting SQL Injection so no authentication is needed. In this way databases can be hacked from Internet and firewalls are complete bypassed.


1 Answers

Something (probably a bot) is scanning your web server for those pages, which do not exist since they are receiving 404 errors. The scanning is very common -- usually scripts are looking for vulnerabilities.

We can't tell if your database has been compromised. Although the log contents you posted do not indicate that you have been compromised, just scanned.

like image 64
joet3ch Avatar answered Sep 28 '22 01:09

joet3ch