從 Web Log 學習系統漏洞 10

同樣又是 phpMyAdmin 的漏洞測試, 不過這傢伙用 Amazon 的雲端主機來入侵, 可能是某人的雲端主機被當跳板或是那個人架了雲端主機來入侵

35.169.173.59 - - [01/May/2018:12:59:25 +0800] "PROPFIND / HTTP/1.1" 405 236
35.169.173.59 - - [01/May/2018:12:59:26 +0800] "POST /wls-wsat/CoordinatorPortType HTTP/1.1" 404 226
35.169.173.59 - - [01/May/2018:12:59:26 +0800] "GET /index.php HTTP/1.1" 404 207
35.169.173.59 - - [01/May/2018:12:59:27 +0800] "GET /phpmyadmin/index.php HTTP/1.1" 404 218
35.169.173.59 - - [01/May/2018:12:59:27 +0800] "GET /phpMyAdmin/index.php HTTP/1.1" 404 218
35.169.173.59 - - [01/May/2018:12:59:27 +0800] "GET /pmd/index.php HTTP/1.1" 404 211

35.169.173.59 - - [01/May/2018:12:59:27 +0800] "GET /pma/index.php HTTP/1.1" 404 211
35.169.173.59 - - [01/May/2018:12:59:28 +0800] "GET /PMA/index.php HTTP/1.1" 404 211
35.169.173.59 - - [01/May/2018:12:59:28 +0800] "GET /PMA2/index.php HTTP/1.1" 404 212
35.169.173.59 - - [01/May/2018:12:59:28 +0800] "GET /pmamy/index.php HTTP/1.1" 404 213
35.169.173.59 - - [01/May/2018:12:59:28 +0800] "GET /pmamy2/index.php HTTP/1.1" 404 214
35.169.173.59 - - [01/May/2018:12:59:28 +0800] "GET /mysql/index.php HTTP/1.1" 404 213
35.169.173.59 - - [01/May/2018:12:59:29 +0800] "GET /admin/index.php HTTP/1.1" 404 213
35.169.173.59 - - [01/May/2018:12:59:29 +0800] "GET /db/index.php HTTP/1.1" 404 210
35.169.173.59 - - [01/May/2018:12:59:29 +0800] "GET /dbadmin/index.php HTTP/1.1" 404 215
35.169.173.59 - - [01/May/2018:12:59:29 +0800] "GET /web/phpMyAdmin/index.php HTTP/1.1" 404 222
35.169.173.59 - - [01/May/2018:12:59:30 +0800] "GET /admin/pma/index.php HTTP/1.1" 404 217
35.169.173.59 - - [01/May/2018:12:59:30 +0800] "GET /admin/PMA/index.php HTTP/1.1" 404 217
35.169.173.59 - - [01/May/2018:12:59:30 +0800] "GET /admin/mysql/index.php HTTP/1.1" 404 219
35.169.173.59 - - [01/May/2018:12:59:30 +0800] "GET /admin/mysql2/index.php HTTP/1.1" 404 220
35.169.173.59 - - [01/May/2018:12:59:30 +0800] "GET /admin/phpmyadmin/index.php HTTP/1.1" 404 224
35.169.173.59 - - [01/May/2018:12:59:31 +0800] "GET /admin/phpMyAdmin/index.php HTTP/1.1" 404 224
35.169.173.59 - - [01/May/2018:12:59:31 +0800] "GET /admin/phpmyadmin2/index.php HTTP/1.1" 404 225
35.169.173.59 - - [01/May/2018:12:59:31 +0800] "GET /mysqladmin/index.php HTTP/1.1" 404 218
35.169.173.59 - - [01/May/2018:12:59:31 +0800] "GET /mysql-admin/index.php HTTP/1.1" 404 219
35.169.173.59 - - [01/May/2018:12:59:31 +0800] "GET /phpadmin/index.php HTTP/1.1" 404 216
35.169.173.59 - - [01/May/2018:12:59:32 +0800] "GET /phpmyadmin0/index.php HTTP/1.1" 404 219
35.169.173.59 - - [01/May/2018:12:59:32 +0800] "GET /phpmyadmin1/index.php HTTP/1.1" 404 219
35.169.173.59 - - [01/May/2018:12:59:32 +0800] "GET /phpmyadmin2/index.php HTTP/1.1" 404 219
35.169.173.59 - - [01/May/2018:12:59:32 +0800] "GET /myadmin/index.php HTTP/1.1" 404 215
35.169.173.59 - - [01/May/2018:12:59:33 +0800] "GET /myadmin2/index.php HTTP/1.1" 404 216
35.169.173.59 - - [01/May/2018:12:59:33 +0800] "GET /xampp/phpmyadmin/index.php HTTP/1.1" 404 224
35.169.173.59 - - [01/May/2018:12:59:33 +0800] "GET /phpMyadmin_bak/index.php HTTP/1.1" 404 222
35.169.173.59 - - [01/May/2018:12:59:33 +0800] "GET /www/phpMyAdmin/index.php HTTP/1.1" 404 222
35.169.173.59 - - [01/May/2018:12:59:33 +0800] "GET /tools/phpMyAdmin/index.php HTTP/1.1" 404 224
35.169.173.59 - - [01/May/2018:12:59:34 +0800] "GET /phpmyadmin-old/index.php HTTP/1.1" 404 222
35.169.173.59 - - [01/May/2018:12:59:34 +0800] "GET /phpMyAdminold/index.php HTTP/1.1" 404 221
35.169.173.59 - - [01/May/2018:12:59:34 +0800] "GET /pma-old/index.php HTTP/1.1" 404 215
35.169.173.59 - - [01/May/2018:12:59:34 +0800] "GET /claroline/phpMyAdmin/index.php HTTP/1.1" 404 228
35.169.173.59 - - [01/May/2018:12:59:34 +0800] "GET /typo3/phpmyadmin/index.php HTTP/1.1" 404 224
35.169.173.59 - - [01/May/2018:12:59:35 +0800] "GET /phpma/index.php HTTP/1.1" 404 213
35.169.173.59 - - [01/May/2018:12:59:35 +0800] "GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1" 404 229
35.169.173.59 - - [01/May/2018:12:59:35 +0800] "GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1" 404 229