I quite frequently see logentries like this:
Processing MenuController#menu (for 81.18.246.182 at 2010-09-29
21:06:22) [GET]
Parameters: {“anything”=>[“phpMyAdmin”, “config”, “config.inc.php”],
“p”=>“phpinfo()”}
Redirected to http://85.214.197.248/authentication/login
Filter chain halted as
[#Proc:0xb74c7784@/home/xxx/yyy.de/releases/20100929164559/vendor/rails/actionpack/lib/action_controller/verification.rb:82]
rendered_or_redirected.
Completed in 1ms (DB: 0) | 302 Found
[http://85.214.197.248/phpMyAdmin/config/config.inc.php?p=phpinfo();]
Obviously these guys try to find some weakness in my server. They very
often retry a list of login attempts to get some successful login
sending Parameters like this:
{“anything”=>[“phpMyAdmin”]}
{“anything”=>[“phpmyadmin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“pma”,“config”,“config.inc.php”], “p”=>“phpinfo()”}
{“anything”=>[“admin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“dbadmin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“mysql”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“php-my-admin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“myadmin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“PHPMYADMIN”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“phpMyAdmin”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
{“anything”=>[“p”,“m”,“a”,“config”,“config.inc.php”],“p”=>“phpinfo()”}
What’s the best way to process these hacking attempts?