Azure Moon Posted July 25, 2010 Posted July 25, 2010 Hi Everyone! The past week or so I've noticed some odd things when checking the latest visitors through my cPanel and I'm wondering if they are some kind of hacking attempt. I've looked up the IP addresses and they're from all over the world and I don't know if these type of things are normal, a weird spider, or a hacker. Here's a short list of the things I've been seeing: /nosuichfile.php /noxdir/nosuichfile.php /PMA/scripts/setup.php /admin/mysql/scripts/setup.php /admin/phymyadmin/scripts/setup.php /db/scripts/setup.php /dbadmin/scripts/setup.php /admin/file_manager.php/login.php /admin/file_manager.php/login/php?action=download&filename=/includes/configure.php I'm hoping that someone out there can give me some insight as to what these are and if I should be blocking them. Any help and/or suggestions will be greatly appreciated. Brightest Blessings, Azure Moon
Guest Posted July 26, 2010 Posted July 26, 2010 Dawn, It looks like someone is testing the site to see if you have left any known vulnerabilities still open. The reason you are seeing this behavior from 'all over the world' is because they are using proxy servers to access your site and mask their own IP address. I would deny access to those IP addresses and perhaps install the IP trap contribution as well. Also, MAKE sure your site is secure. !!! Chris
Recommended Posts
Archived
This topic is now archived and is closed to further replies.