Hello,
I discovered an attempted attack on our Nagios XI server today. We added some rules to iptables and our main firewall to make sure it won't happen again.
As far as we can see, no damage was done by the software.
Nagios XI logs
Error_log
[Tue Jun 12 09:01:17 2012] [error] [client 218.104.48.162] File does not exist: /var/www/html/w00tw00t.at.blackhats.romanian.anti-sec:)
[Tue Jun 12 09:01:18 2012] [error] [client 218.104.48.162] client denied by server configuration: /usr/share/phpmyadmin/scripts/setup.php
[Tue Jun 12 09:01:19 2012] [error] [client 218.104.48.162] client denied by server configuration: /usr/share/phpmyadmin/scripts/setup.php
[Tue Jun 12 09:01:19 2012] [error] [client 218.104.48.162] File does not exist: /var/www/html/pma
[Tue Jun 12 09:01:20 2012] [error] [client 218.104.48.162] File does not exist: /var/www/html/myadmin
[Tue Jun 12 09:01:21 2012] [error] [client 218.104.48.162] File does not exist: /var/www/html/MyAdmin
Access_log
218.104.48.162 - - [12/Jun/2012:09:01:17 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 317 "-" "ZmEu"
218.104.48.162 - - [12/Jun/2012:09:01:18 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 403 308 "-" "ZmEu"
218.104.48.162 - - [12/Jun/2012:09:01:19 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 403 308 "-" "ZmEu"
218.104.48.162 - - [12/Jun/2012:09:01:19 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 297 "-" "ZmEu"
218.104.48.162 - - [12/Jun/2012:09:01:20 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
218.104.48.162 - - [12/Jun/2012:09:01:21 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
Regards,
Roel van Dijk
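Detection logic for the scan pattern in the logs above, as an added example that is not part of the original post. The function name, the `MIN_PROBES` threshold and the sample log lines (documentation IP ranges) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" access log format, as in the Access_log excerpt above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Paths seen in the post: the w00tw00t banner request and */scripts/setup.php.
PROBE_PATH_RE = re.compile(r'/scripts/setup\.php(\?|$)|^/w00tw00t\.', re.IGNORECASE)
SCANNER_AGENTS = {"ZmEu"}   # user agent string from the post
MIN_PROBES = 3              # assumed threshold: denied probes per client

# Constructed sample input (not the poster's log); addresses are RFC 5737 ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jun/2012:09:01:17 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 317 "-" "ZmEu"
192.0.2.10 - - [12/Jun/2012:09:01:18 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 403 308 "-" "ZmEu"
192.0.2.10 - - [12/Jun/2012:09:01:19 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 297 "-" "ZmEu"
192.0.2.10 - - [12/Jun/2012:09:01:21 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 301 "-" "ZmEu"
198.51.100.7 - - [12/Jun/2012:09:02:00 +0200] "GET /nagiosxi/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2012:09:02:01 +0200] "GET /favicon.ico HTTP/1.1" 404 290 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2012:09:03:10 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 301 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2012:09:03:11 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 297 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2012:09:03:12 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 301 "-" "Mozilla/5.0"
"""

def find_scanners(log_text):
    """Return {ip: sorted reasons} for clients that look like admin-panel scanners."""
    probes = defaultdict(int)
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip = m["ip"]
        if m["agent"] in SCANNER_AGENTS:
            reasons[ip].add("scanner user agent")
        # Count only probes the server refused (403) or could not find (404).
        if PROBE_PATH_RE.search(m["path"]) and m["status"] in ("403", "404"):
            probes[ip] += 1
    for ip, count in probes.items():
        if count >= MIN_PROBES:
            reasons[ip].add(f"{count} denied probe requests")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in find_scanners(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(why))
```

The path-based count catches a client that probes the same URLs with a browser-like user agent, which a rule matching only `ZmEu` would miss. A 200 response to any of these paths is the case to investigate rather than just block.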
Attempted attack (FYI)
scottwilkerson
- DevOps Engineer
- Location: Nagios Enterprises
Re: Attempted attack (FYI)
It seems there is always some hacker probing for access to systems.