The first hacker shows up


[Tue Feb 22 20:13:20 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
[Tue Feb 22 20:13:21 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/scripts
[Tue Feb 22 20:13:22 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/admin
[Tue Feb 22 20:13:22 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/admin
[Tue Feb 22 20:13:23 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/admin
[Tue Feb 22 20:13:24 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/db
[Tue Feb 22 20:13:24 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/dbadmin
[Tue Feb 22 20:13:25 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/myadmin
[Tue Feb 22 20:13:25 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/mysql
[Tue Feb 22 20:13:26 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/mysqladmin
[Tue Feb 22 20:13:27 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/typo3
[Tue Feb 22 20:13:27 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpadmin
[Tue Feb 22 20:13:28 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin
[Tue Feb 22 20:13:29 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmyadmin
[Tue Feb 22 20:13:29 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmyadmin1
[Tue Feb 22 20:13:30 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmyadmin2
[Tue Feb 22 20:13:31 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/pma
[Tue Feb 22 20:13:31 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/web
[Tue Feb 22 20:13:32 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/xampp
[Tue Feb 22 20:13:32 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/web
[Tue Feb 22 20:13:33 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/php-my-admin
[Tue Feb 22 20:13:34 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/websql
[Tue Feb 22 20:13:34 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmyadmin
[Tue Feb 22 20:13:35 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin
[Tue Feb 22 20:13:36 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2
[Tue Feb 22 20:13:36 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/php-my-admin
[Tue Feb 22 20:13:37 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.2.3
[Tue Feb 22 20:13:38 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.2.6
[Tue Feb 22 20:13:38 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.1
[Tue Feb 22 20:13:39 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.4
[Tue Feb 22 20:13:40 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.5-rc1
[Tue Feb 22 20:13:40 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.5-rc2
[Tue Feb 22 20:13:41 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.5
[Tue Feb 22 20:13:41 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.5-pl1
[Tue Feb 22 20:13:42 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.6-rc1
[Tue Feb 22 20:13:43 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.6-rc2
[Tue Feb 22 20:13:43 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.6
[Tue Feb 22 20:13:44 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.7
[Tue Feb 22 20:13:45 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.5.7-pl1
[Tue Feb 22 20:13:45 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-alpha
[Tue Feb 22 20:13:46 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-alpha2
[Tue Feb 22 20:13:47 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-beta1
[Tue Feb 22 20:13:47 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-beta2
[Tue Feb 22 20:13:48 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-rc1
[Tue Feb 22 20:13:49 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-rc2
[Tue Feb 22 20:13:49 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-rc3
[Tue Feb 22 20:13:50 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0
[Tue Feb 22 20:13:51 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-pl1
[Tue Feb 22 20:13:51 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-pl2
[Tue Feb 22 20:13:52 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.0-pl3
[Tue Feb 22 20:13:52 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1-rc1
[Tue Feb 22 20:13:53 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1-rc2
[Tue Feb 22 20:13:54 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1
[Tue Feb 22 20:13:54 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1-pl1
[Tue Feb 22 20:13:55 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1-pl2
[Tue Feb 22 20:13:56 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.1-pl3
[Tue Feb 22 20:13:56 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.2-rc1
[Tue Feb 22 20:13:57 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.2-beta1
[Tue Feb 22 20:13:58 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.2-rc1
[Tue Feb 22 20:13:58 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.2
[Tue Feb 22 20:13:59 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.2-pl1
[Tue Feb 22 20:13:59 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.3
[Tue Feb 22 20:14:00 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.3-rc1
[Tue Feb 22 20:14:01 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.3
[Tue Feb 22 20:14:01 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.3-pl1
[Tue Feb 22 20:14:02 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4-rc1
[Tue Feb 22 20:14:03 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4-pl1
[Tue Feb 22 20:14:03 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4-pl2
[Tue Feb 22 20:14:04 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4-pl3
[Tue Feb 22 20:14:05 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4-pl4
[Tue Feb 22 20:14:05 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.6.4
[Tue Feb 22 20:14:06 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.7.0-beta1
[Tue Feb 22 20:14:06 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.7.0-rc1
[Tue Feb 22 20:14:07 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.7.0-pl1
[Tue Feb 22 20:14:08 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.7.0-pl2
[Tue Feb 22 20:14:08 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.7.0
[Tue Feb 22 20:14:09 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0-beta1
[Tue Feb 22 20:14:10 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0-rc1
[Tue Feb 22 20:14:10 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0-rc2
[Tue Feb 22 20:14:11 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0
[Tue Feb 22 20:14:12 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0.1
[Tue Feb 22 20:14:12 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0.2
[Tue Feb 22 20:14:13 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0.3
[Tue Feb 22 20:14:14 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.0.4
[Tue Feb 22 20:14:14 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.1-rc1
[Tue Feb 22 20:14:15 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.1
[Tue Feb 22 20:14:15 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpMyAdmin-2.8.2
[Tue Feb 22 20:14:16 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/sqlmanager
[Tue Feb 22 20:14:17 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/mysqlmanager
[Tue Feb 22 20:14:17 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/p
[Tue Feb 22 20:14:18 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/PMA2005
[Tue Feb 22 20:14:19 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/pma2005
[Tue Feb 22 20:14:19 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmanager
[Tue Feb 22 20:14:20 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/php-myadmin
[Tue Feb 22 20:14:21 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/phpmy-admin
[Tue Feb 22 20:14:21 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/webadmin
[Tue Feb 22 20:14:22 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/sqlweb
[Tue Feb 22 20:14:23 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/websql
[Tue Feb 22 20:14:23 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/webdb
[Tue Feb 22 20:14:24 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/mysqladmin
[Tue Feb 22 20:14:24 2011] [error] [client 61.30.236.2] client denied by server configuration: /var/www/mysql-admin

The reason he can't get in is not that I'm such a great Linux system administrator, but precisely that I know I'm not. My server is set up the way Ubuntu came out of the box. What do the people who want to use it need at a minimum? That is what I set up. My internet access box only lets port 80 through to the server; everything else stays outside. So the hacker has no handle other than the web server, and that has nothing of use to him. The web server does not run under the root account. I have not installed the packages he is looking for, because I administer the server from my own local network, over an SSH connection.

It is surprising that the hacker found my IP address so quickly, but that may just be coincidence. A real system administrator would have set up a series of complex firewall rules on the server, but I simply haven't had the time to dig into that yet. With rules like these you can automatically detect hacker attacks on your system, I saw. You can even fend off a DDoS attack with them. Just imagine what kind of bunglers manage the systems of large enterprises, because those attacks still succeed fairly often.
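Automatic detection of the kind of probing shown in the log above can start from the error log itself. The following is an added example, not the author's code: it parses the "client denied by server configuration" entries and flags any client that is denied on many distinct paths within a short window. The function names, the thresholds and the sample lines for 192.0.2.10 are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Error-log line format as it appears in the log above.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"client denied by server configuration: (?P<path>\S+)")

PREFIX = ("[Tue Feb 22 20:%s 2011] [error] [client %s] "
          "client denied by server configuration: /var/www/%s")
# The first six entries mirror the log above; the 192.0.2.10 entry and the
# [notice] line are constructed for this example.
SAMPLE = [PREFIX % (t, "61.30.236.2", p) for t, p in [
    ("13:21", "scripts"), ("13:22", "admin"), ("13:22", "admin"),
    ("13:24", "db"), ("13:24", "dbadmin"), ("13:25", "myadmin")]]
SAMPLE += [PREFIX % ("15:00", "192.0.2.10", "private"),
           "[Tue Feb 22 20:15:01 2011] [notice] caught SIGTERM, shutting down"]

def parse(line):
    """Return (timestamp, client_ip, path), or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None
    return ts, m.group("ip"), m.group("path")

def find_scanners(lines, min_paths=5, window_s=60):
    """Map each client denied on >= min_paths distinct paths within
    window_s seconds to those paths (thresholds are illustrative)."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            paths = {p for _, p in hits[start:end + 1]}
            if len(paths) >= min_paths:
                flagged[ip] = sorted(paths)
                break
    return flagged
```

Counting distinct paths rather than raw hits keeps a client that repeatedly requests one forbidden URL from being flagged as a scanner.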
