5 Sep
2004
5 Sep
'04
5:28 p.m.
Hi,
I'm using Logwatch 5.2.2 and in email today it emailed me the following:
--------------------- httpd Begin
A total of 4 sites probed the server 203.218.141.123 203.206.246.90 203.218.200.154
!!!! 3 possible successful probes /css/phpmyadmin.css.php?js_frame=left&num_dbs=0 HTTP Response 200
/css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=right HTTP Response 200
/css/phpmyadmin.css.php?lang=en-iso-8859-1&js_frame=left&num_dbs=0 HTTP Response 200
---------------------- httpd End
What does this mean exactly?
When logwatch processes your log files, the script responsible for looking at the Apache logs (which you can find at /etc/log.d/scripts/services/http) treats every request containing the word 'phpmyadmin' as suspicious. On my system I can see this at line 113 of the script.
Rich
7592
Age (days ago)
7592
Last active (days ago)
0 comments
1 participants
participants (1)
-
Rich Fearn