WordPress
Ivan, 2018-09-28 06:35:59

How to understand the logs: is it a hacking attempt or not?

This is the second time I have installed the WordPress site management system on the VPS; a few days pass and WP starts to hang terribly. I went into the logs and saw the following:
/phpmyadmin/index.php?pma_username=root&pma_password=r00t&server=1 (password guessing in progress)

[Thu Sep 27 09:37:39 2018] [error] [client 122.114.227.236] File does not exist: /usr/share/phpMyAdmin/scripts
[Thu Sep 27 09:37:41 2018] [error] [client 122.114.227.236] File does not exist: /usr/share/phpMyAdmin/scripts
[Thu Sep 27 09:39:17 2018] [error] [client 122.114.227.236] File does not exist: /usr/share/phpMyAdmin/phpmyadmin
2018/09/27 17:02:11 [crit] 1417#1417: *200295 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin/scripts/db___.init.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
[Thu Sep 27 17:02:11 2018] [error] [client 47.91.207.51] File does not exist: /usr/share/phpMyAdmin/scripts
2018/09/27 17:06:07 [crit] 1417#1417: *201180 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 17:20:14 [error] 1417#1417: *203986 openat() "/usr/share/phpMyAdmin0/index.php" failed (2: No such file or directory), client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin0/index.php HTTP/1.1", host: "185.00.000.000"
2018/09/27 17:20:14 [error] 1417#1417: *203986 openat() "/usr/share/phpMyAdmin1/index.php" failed (2: No such file or directory), client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin1/index.php HTTP/1.1", host: "185.00.000.000"
2018/09/27 17:20:14 [error] 1417#1417: *203986 openat() "/usr/share/phpMyAdmin2/index.php" failed (2: No such file or directory), client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin2/index.php HTTP/1.1", host: "185.00.000.000"
2018/09/27 17:20:19 [error] 1417#1417: *203986 openat() "/usr/share/phpMyAdmin-old/index.php" failed (2: No such file or directory), client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin-old/index.php HTTP/1.1", host: "185.00.000.000"
2018/09/27 17:20:23 [crit] 1417#1417: *203986 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 47.91.207.51, server: site.ru, request: "GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
[Thu Sep 27 17:20:23 2018] [error] [client 47.91.207.51] File does not exist: /usr/share/phpMyAdmin/phpmyadmin
[Thu Sep 27 17:25:29 2018] [error] [client 54.38.220.67] File does not exist: /usr/share/phpMyAdmin/scripts
[Thu Sep 27 17:25:29 2018] [error] [client 54.38.220.67] File does not exist: /usr/share/phpMyAdmin/scripts
2018/09/27 22:15:05 [warn] 1417#1417: *272394 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/36/0000026361 while reading upstream, client: 77.222.105.24, server: site.ru, request: "GET /wp-admin/load-styles.php?c=0&dir=ltr&load%5B%5D=dashicons,buttons,forms,l10n,login&ver=4.9.8 HTTP/1.1", upstream: "127.0.0.1:8080/wp-admin/load-styles.php?c=0&dir=lt...", host: "site.ru", referrer: "https://site.ru/wp-login.php"
2018/09/27 22:15:08 [warn] 1417#1417: *272394 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/36/0000026362 while reading upstream, client: 77.222.105.24, server: site.ru, request: "GET /wp-admin/load-styles.php?c=0&dir=ltr&load%5B%5D=dashicons,admin-bar,common,forms,admin-menu,dashboard,list-tables,edit,revisions,media,themes,about,nav-menus,wp-pointer,widgets&load%5B%5D=,site-icon,l10n,buttons,wp-auth-check&ver=4.9.8 HTTP/1.1", upstream: "127.0.0.1:8080/wp-admin/load-styles.php?c=0&dir=lt...", host: "site.ru", referrer: "https://site.ru/wp-admin/"
2018/09/27 22:24:22 [crit] 1417#1417: *274323 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/scripts/setup.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
[Thu Sep 27 22:24:22 2018] [error] [client 183.90.168.18] File does not exist: /usr/share/phpMyAdmin/scripts
2018/09/27 22:27:10 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 22:27:11 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=&server=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 22:27:11 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=root&server=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 22:27:11 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=toor&server=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 22:27:12 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=r00t&server=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/27 22:27:12 [crit] 1417#1417: *275042 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 183.90.168.18, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=mysql&server=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "185.00.000.000"
2018/09/28 01:05:45 [error] 1417#1417: *300645 openat() "/usr/share/phpMyAdmin/docs.css" failed (2: No such file or directory), client: 125.64.94.206, server: site.ru, request: "GET /phpmyadmin/docs.css HTTP/1.1", host: "www.site.ru"
[Fri Sep 28 01:05:45 2018] [error] [client 125.64.94.206] File does not exist: /usr/share/phpMyAdmin/docs.css
2018/09/28 01:07:55 [crit] 1417#1417: *301050 connect() to unix:/var/run/php-fpm.apache.sock failed (2: No such file or directory) while connecting to upstream, client: 125.64.94.206, server: site.ru, request: "GET /phpmyadmin/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.apache.sock:", host: "www.site.ru"
2018/09/28 01:07:57 [error] 1417#1417: *301050 openat() "/usr/share/phpMyAdmin/README" failed (2: No such file or directory), client: 125.64.94.206, server: site.ru, request: "GET /phpmyadmin/README HTTP/1.1", host: "www.site.ru"
2018/09/28 01:07:57 [error] 1417#1417: *301050 openat() "/usr/share/phpMyAdmin/Documentation.html" failed (2: No such file or directory), client: 125.64.94.206, server: site.ru, request: "GET /phpmyadmin/Documentation.html HTTP/1.1", host: "www.site.ru"
[Fri Sep 28 01:07:57 2018] [error] [client 125.64.94.206] File does not exist: /usr/share/phpMyAdmin/Documentation.html


If I understand correctly, some script is trying to access phpMyAdmin.
How can I determine this?


1 answer(s)
Vasily Pupkin, 2018-09-28
@9StarRu

Install fail2ban and configure it.
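
One way to answer "how to determine?" from the logs themselves, as an added example that is not part of the original thread: group error-log entries by client and flag phpMyAdmin path scanning and requests that carry credentials in the query string. The sample lines, function names and verdict labels are constructed for illustration, and the script assumes nobody uses phpMyAdmin legitimately on this host.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the question's nginx/Apache error-log formats (RFC 5737 IPs).
SAMPLE_LOG = '''\
2018/09/27 22:27:11 [crit] 1#1: *1 connect() failed, client: 203.0.113.7, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=&server=1 HTTP/1.1", host: "198.51.100.1"
2018/09/27 22:27:11 [crit] 1#1: *1 connect() failed, client: 203.0.113.7, server: site.ru, request: "GET /phpmyadmin/index.php?pma_username=root&pma_password=root&server=1 HTTP/1.1", host: "198.51.100.1"
2018/09/27 17:20:14 [error] 1#1: *2 openat() failed, client: 203.0.113.9, server: site.ru, request: "GET /phpmyadmin0/index.php HTTP/1.1", host: "198.51.100.1"
2018/09/27 17:20:19 [error] 1#1: *2 openat() failed, client: 203.0.113.9, server: site.ru, request: "GET /phpmyadmin-old/index.php HTTP/1.1", host: "198.51.100.1"
[Thu Sep 27 17:20:23 2018] [error] [client 203.0.113.9] File does not exist: /usr/share/phpMyAdmin/scripts
2018/09/27 22:15:05 [warn] 1#1: *3 upstream response is buffered, client: 192.0.2.24, server: site.ru, request: "GET /wp-admin/load-styles.php?c=0&dir=ltr&ver=4.9.8 HTTP/1.1", host: "site.ru"
'''

NGINX_RE = re.compile(r'client: (?P<ip>[\d.]+), server: \S+, request: "[A-Z]+ (?P<uri>\S+)')
APACHE_RE = re.compile(r'\[client (?P<ip>[\d.]+)\] File does not exist: (?P<path>\S+)')
PMA_RE = re.compile(r'/phpmyadmin', re.IGNORECASE)

def summarize(log_text):
    """Per client IP: phpMyAdmin hits, distinct URL paths, credential-bearing requests."""
    stats = defaultdict(lambda: {"probes": 0, "guesses": 0, "paths": set()})
    for line in log_text.splitlines():
        m = NGINX_RE.search(line)
        if m:
            url = urlsplit(m["uri"])
            entry = stats[m["ip"]]  # also records clients with no phpMyAdmin hits
            if PMA_RE.search(url.path):
                entry["probes"] += 1
                entry["paths"].add(url.path)
                # Credentials in the query string mark a guessing attempt.
                if "pma_password" in parse_qs(url.query, keep_blank_values=True):
                    entry["guesses"] += 1
            continue
        m = APACHE_RE.search(line)
        if m and PMA_RE.search(m["path"]):
            # A proxied request can appear in both logs, so this is an upper bound.
            stats[m["ip"]]["probes"] += 1
    return stats

def verdict(entry):
    if entry["guesses"]:
        return "password guessing"
    return "phpMyAdmin path scan" if entry["probes"] else "no phpMyAdmin activity"

def report(log_text):
    return {ip: verdict(e) for ip, e in summarize(log_text).items()}

if __name__ == "__main__": print(report(SAMPLE_LOG))
```

Clients that request many distinct phpMyAdmin path variants or send `pma_password` values are automated scanners; those are the addresses a fail2ban jail would be configured to ban.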
