Security Issue?

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Security Issue?

Postby drpop » 21. June 2007 12:01

This morning I awoke to find;

Fatal error: Out of memory (allocated 3145728) (tried to allocate 393216 bytes) in XXXX\includes\sef.php on line 265


on my xampp driven site.

looking through the logs I find,

85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /phpmyadmin/main.php HTTP/1.0" 200 189
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /PMA/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /mysql/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /admin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /db/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /dbadmin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /web/phpMyAdmin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /admin/pma/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /admin/phpmyadmin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /admin/mysql/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /phpmyadmin2/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /mysqladmin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /mysql-admin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:09 +0100] "GET /main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /myadmin/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.0/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.0-pl1/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.3-pl1/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.3/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.3-rc1/main.php HTTP/1.0" 404 1121
85.214.109.35 - - [20/Jun/2007:22:46:10 +0100] "GET /phpMyAdmin-2.6.2-rc1/main.php HTTP/1.0" 404 1121


These appear around the same time as I am told the site went down.

I am guessing this is not a coincedence. Can anyone shed any light into this?

Thx
drpop
 
Posts: 1
Joined: 21. June 2007 11:57

Postby MikesTooLz » 21. June 2007 19:11

I was having problems to and it looks like someone hack into my xampp server.

This line you posted is what makes it similar to my problem.
20/Jun/2007:22:46:09 +0100] "GET /PMA/main.php HTTP/1.0" 404 1121[

It looks like PHPMyAdmin was being accessed on your site and that line had PMA in it.

See if you can login to your phpmyadmin. Check your Config.inc.php and see what is set for controlpass. They got in my server and changed ControlPass to "ShitFace".

Also check and see what privaliges the pma user has.
MikesTooLz
 
Posts: 7
Joined: 21. June 2007 18:09

Postby kschroeder » 22. June 2007 10:10

I guess there's no security problem, but a problem with the memory management of the server.

I suppose he's using a win2000 server?
kschroeder
 
Posts: 254
Joined: 11. May 2007 13:33


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 50 guests