Do you run a website?

Even if you don’t, this is a good list to have if you plan to. I detected a hacking attempt on Poker Terms from a Chinese IP. The attacker requested each of these directories on the website, one after another, the pattern of an automated scanner working through a list of common admin paths:

/administrator/admin/
/administrator/PMA/
/administrator/web/
/administrator/db/
/administrator/pma/
/administrator/phpMyAdmin/
/administrator/phpmyadmin/
/administrator/web/
/administrator/phpMyAdmin/
/administrator/db/
/administrator/phpmyadmin/
/phpMyAdmin-2.11.5.1-all-languages/
/phpMyAdmin-2.11.6-all-languages/
/phpMyAdmin-2.11.7.1-all-languages/
/phpMyAdmin-2.11.7.1-all-languages-utf-8-only/
/phpMyAdmin-2.11.8.1-all-languages/
/phpMyAdmin-2.11.8.1-all-languages-utf-8-only/
/db/phpMyAdmin2/
/db/phpMyAdmin-2/
/db/phpmyadmin2/
/db/db-admin/
/db/dbadmin/
/db/webdb/
/db/websql/
/db/dbweb/
/db/webadmin/
/db/myadmin/
/database/phpMyAdmin/
/database/phpMyAdmin2/
/database/phpmyadmin2/
/database/database/
/database/phpMyAdmin/
/database/phpmyadmin/
/sql/phpMyAdmin/
/sql/phpMyAdmin2/
/sql/phpmyadmin2/
/sql/sql-admin/
/sql/sqladmin/
/sql/webdb/
/sql/websql/
/sql/sqlweb/
/sql/webadmin/
/sql/myadmin/
/sql/sql/
/sql/phpmy-admin/
/sql/php-myadmin/
/sql/phpmanager/
/mysql/mysqlmanager/
/mysql/sqlmanager/
/mysql/dbadmin/
/mysql/admin/
/mysql/pMA/
/mysql/web/
/mysql/db/
/mysql/pma/
/admin/pMA/
/admin/web/
/admin/db/
/admin/sqladmin/
/admin/sysadmin/
/admin/phpMyAdmin/
/admin/phpmyadmin/
/mysql-admin/
/mysqladmin/
/webdb/
/websql/
/sqlweb/
/webadmin/
/phpmy-admin/
/php-myadmin/
/mysqlmanager/
/sqlmanager/
/db/phpMyAdmin/
/db/phpmyadmin/
/database/
/qql/
/mysql/
/dbadmin/
/admin/
/db/
/pma/
/dbadmin/
/PMA/
/program/
/MyAdmin/
/myadmin/
/phppma/
/phpmy/
/phpmyadmin2/
/2phpmyadmin/
/phpmyAdmin/
/phpMyAdmin/
/phpMyadmin/
/phpmyadmin/
/mysql/mysqlmanager/
/mysql/sqlmanager/
/mysql/dbadmin/
/mysql/admin/

Even if you’re not a technical person, it’s clear that the attacker was trying to find some sort of admin backend for PokerTerms. All of the “phpmyadmin” entries refer to phpMyAdmin, a commonly used web-based MySQL administration tool; the version-numbered folder names (phpMyAdmin-2.11.x) are the default directory names of specific releases, so the scan was also checking for copies that were unpacked and left at their default path. Having your admin system in one of these directories isn’t the worst thing in the world (they still need to get through your login most of the time), but it obviously isn’t smart. Putting it in a completely random directory is vastly better, because FINDING the admin system is the first step for a hacker, and a scanner like this one only tries well-known paths. The hidden path is not a substitute for the login itself, though: use a strong username and password so that, if they do find the login page, they cannot get in by brute force, and if the tool is phpMyAdmin, keep it updated and consider restricting access to it by IP address or an extra HTTP authentication layer so it never sits on the open web.
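As an added example (not part of the original post), here is a short Python script that finds this kind of scan in an Apache access log: it parses combined-format lines, flags requests whose path contains one of the admin/database names from the list above, and reports any client that probed several such paths that do not exist on the site (HTTP 404). The log lines are constructed for the example with documentation-range IPs, and the keyword lists are tuned to the list above, so adjust them for your own site.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample Apache combined-log lines (not from the original post).
# The probed paths come from the list above; IPs and timestamps are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jun/2009:03:14:01 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:03:14:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:03:14:02 +0000] "GET /phpMyAdmin-2.11.8.1-all-languages/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:03:14:02 +0000] "GET /db/webadmin/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:03:14:03 +0000] "GET /mysql/pma/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Jun/2009:03:14:03 +0000] "GET /admin/ HTTP/1.1" 404 512 "-" "Mozilla/4.0"
198.51.100.20 - - [12/Jun/2009:03:15:10 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jun/2009:03:15:12 +0000] "GET /poker-terms/ante HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Jun/2009:03:15:14 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)

# Names that appear in the scanner's dictionary above. A path segment is
# lower-cased and stripped of "-"/"_" before matching, so "phpMyAdmin-2.11.8.1-all-languages",
# "php-myadmin" and "mysql-admin" all collapse onto these keywords.
PROBE_SUBSTRINGS = (
    "phpmyadmin", "phpmy", "phppma", "pma", "myadmin", "mysqladmin",
    "sqlmanager", "phpmanager", "dbadmin", "sqladmin", "sysadmin",
    "webadmin", "websql", "webdb", "sqlweb", "dbweb",
)
# Short generic segments only count when they are the whole segment.
PROBE_EXACT = {"admin", "administrator", "db", "sql", "mysql", "database", "web", "program"}


def is_admin_probe(path):
    """True if any path segment looks like a guess at an admin/database tool."""
    for seg in path.strip("/").split("/"):
        norm = seg.lower().replace("-", "").replace("_", "")
        if norm in PROBE_EXACT or any(s in norm for s in PROBE_SUBSTRINGS):
            return True
    return False


def parse_line(line):
    """Parse one combined-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string and undo %-encoding before matching.
    rec["path"] = unquote(rec["path"].split("?", 1)[0])
    return rec


def find_scanners(log_text, min_probes=3):
    """Return {ip: sorted probed paths} for clients that requested at least
    `min_probes` distinct admin-looking paths which did not exist (404)."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404 and is_admin_probe(rec["path"]):
            probes[rec["ip"]].add(rec["path"])
    return {ip: sorted(paths) for ip, paths in probes.items() if len(paths) >= min_probes}


if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {len(paths)} admin-path probes")
        for p in paths:
            print("   ", p)
```

Pointed at a real log, the same script reads `open("/var/log/apache2/access.log").read()` instead of `SAMPLE_LOG`; the 404 filter matters, because a legitimate request for your real admin directory will match the keywords but return 200 or 302, not 404.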

If you know someone who is an admin of a website, feel free to pass this list along as it could prove to be very helpful to them.

5 thoughts on “Do you run a website?”

  1. Jeff

    Nice post Nat.

    Garbage like this happens all the time. The most lethal is junk coming into your site from URL parameters, form submissions, etc.

    Just today, 65.254.224.34 tried the following SQL injection attack on our site:
    “viewPage.cfm?id=convert(int,select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20(char(0))))--sp_password”

    Therefore, along with a completely random “admin” section, it’s also VERY important to make sure to check anything the user can pass to you. URL parameters, forum postings, comments, the list goes on and on…

    Thanks for the long list of urls checked by spammers/hackers.

  2. Nat Post author

    Yea, I sanitize all of the data on the websites I code. I use a lot of pre-written regex to make sure that SQL injection never makes it to my database (hopefully that regex is solid!!).
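As an added example, not code from either commenter: the payload Jeff logged is an error-based SQL Server injection. `convert(int, <subquery>)` fails with a conversion error whose message carries the subquery's result (here the first table name from `information_schema.tables`) back to the attacker, and the trailing `--sp_password` comments out the rest of the query while using the token that makes SQL Server omit the statement from its trace log. The script below rebuilds the situation in Python with an in-memory SQLite database as a stand-in for the ColdFusion/SQL Server site (the table, its rows and the second payload are constructed for the example) and shows three things: a keyword-blacklist regex catches the logged payload but not a tautology that contains no keywords, concatenated SQL executes whatever gets past the filter, and a parameterised query treats both payloads as plain data. Validating the parameter against what it is allowed to be (a small integer) and then binding it is the check to make.

```python
import re
import sqlite3
from urllib.parse import unquote

# The parameter value from the log line quoted in the comment above, URL-decoded.
LOGGED_PAYLOAD = unquote(
    "convert(int,select%20top%201%20table_name%20from%20information_schema.tables"
    "%20where%20table_name%20not%20in%20(char(0))))--sp_password"
)
# Constructed for this example: a tautology with none of the usual SQL keywords in it.
TAUTOLOGY = "1 OR 1=1"


def make_db():
    """Constructed stand-in for the site's page table (in-memory SQLite)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)",
                     [(1, "Ante"), (2, "Blind"), (3, "Nuts")])
    return conn


# A keyword blacklist of the kind often used as a "SQL injection filter".
BLACKLIST = re.compile(r"(?i)\b(select|union|insert|update|delete|drop)\b|--|;")


def passes_blacklist(value):
    """True if the blacklist would let this value through to the query."""
    return BLACKLIST.search(value) is None


def view_page_concat(conn, page_id):
    """The vulnerable pattern: the parameter is pasted into the SQL text."""
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return conn.execute(sql).fetchall()


def concat_query_fails(conn, value):
    """True when the pasted text breaks the statement. SQLite only raises a
    syntax error here; SQL Server's convert() error would echo the subquery result."""
    try:
        view_page_concat(conn, value)
        return False
    except sqlite3.OperationalError:
        return True


def view_page_param(conn, page_id):
    """Parameterised: the driver binds the value as data, never as SQL."""
    return conn.execute("SELECT id, title FROM pages WHERE id = ?", (page_id,)).fetchall()


def is_valid_id(raw_id):
    """Allow-list check: a page id is a small positive integer, nothing else."""
    return re.fullmatch(r"\d{1,9}", raw_id) is not None


def view_page(conn, raw_id):
    """Validate the raw parameter against what it is allowed to be, then bind it."""
    if not is_valid_id(raw_id):
        raise ValueError("id must be a small positive integer")
    return view_page_param(conn, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    print("blacklist stops logged payload:", not passes_blacklist(LOGGED_PAYLOAD))
    print("blacklist stops tautology:     ", not passes_blacklist(TAUTOLOGY))
    print("concat + tautology returns:    ", view_page_concat(db, TAUTOLOGY))
    print("param  + tautology returns:    ", view_page_param(db, TAUTOLOGY))
    print("validated lookup of '2':       ", view_page(db, "2"))
```

The point of `view_page_param` returning nothing for either payload is that the bound value is compared with the column as a value, so no amount of regex tuning is needed for that query; the allow-list in `view_page` is still worth having, because it rejects junk before it reaches the database and gives the application a clean place to log the attempt.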
