Basic Site Security Checklist

Here's some notes on Security I found on my Host's Help pages that I think someone might find useful :=

Basic Site Security Checklist

1.) Remove malicious files and/or files you're not familiar with.

While many PHP applications generate files you may not be familiar with, it's important to watch for files or directories that may sound suspicious such as 'wellsfargo' or 'abbybank'.

2.) Update all scripts/applications to the newest versions available.

Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you're running the most secure option available. If you installed these applications using Simple Scripts, automatic updates are available by clicking the 'Update Now' button. For installations done with Fantastico, the main Fantastico screen will show a link on the right-hand side of the screen with the available versions you can upgrade to.

3.) Update all plugins to the newest versions available.

Just because your applications have been updated doesn't mean the plugins you use have been also. Popular plugins for Elgg, Wordpress, Joomla, Drupal, etc are created for specific application versions. When updating your applications, make sure the plugins you're using are also certified to work with the newest version of your software.

4.) Delete any databases/applications from your account that are no longer in use.

Each databases/application you have installed on your account is another possible point of entry for attackers. By removing applications/databases that are no longer used, you will be eliminating the potential for those outdated scripts to be exploited.

5.) Fix dangerously writable permissions.

Most website files should be set at 644, and folders should be set to 755. This can be adjusted in an FTP client or by manually changing it in the Control Panel File Manager by selecting the file, and clicking on the icon at the top of the screen that says, 'Change Permissions'.

6.) Hide your configuration files.

Moving your config.php and other files containing passwords to a secure directory outside of the 'public_html' folder will make them inaccessible to general web surfing.

7.) Tweak your php.ini file.

The 'php.ini' file on your account is file that adjusts how PHP behaves on your account. By adjusting the properties of this file, you can greatly increase aspects of your security. This file is generally located in your 'public_html' directory. If you're unable to see this file, you may need to manually generate one. You can manually generate one by logging into your Control Panel and clicking the 'PHP Config' icon located in the section called 'Software/Services'. You'd then click the button that says, 'Install Master PHP.ini File'. This will install a file in your 'public_html' directory called 'php.ini.default'. To make this file active, you will then need to rename it to 'php.ini'.

Tweak 1.) Set 'register_globals' to OFF.

Tweak 2.) Set 'error_display' to ZERO.

8.) Connect to your account using a secure network.

If you're connecting to the internet using a wireless connection, make sure the wireless network is using a method of security such as WPA or WEP encryption.

9.) Make sure your local computer is secure.

One of the biggest security holes in internet site security is accessing your site from an insecure computer. Viruses, malware, and keyloggers can be installed on your computer covertly and can be used to obtain your username/password credentials or to infect your website files themselves. Practice good at-home computer security by regularly running a reliable anti-virus/spyware scanner. Below is a link to high-quality, free software that can help you maintain a safe, healthy computer.

PC Tools Anti-Virus: http://www.pctools.com/free-antivirus/

Ad-Aware Anti-Malware: http://www.lavasoft.com/single/trialpay.php

 

  • Checking Server's access Logs:=

    If you see an entry that looks like

    64.15.156.247 - - [17/May/2009:20:35:41 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus F....... Scanner"

    Someone is trying to hack in using a very well known scanner tool.

    Posted on Monday 22 September 2008

    Our deployments have been picking up a recently added (August 08) scan signature from Morfeus, the bot-based web scanner, that has been around for a long time. The new scans were first detected on our consumer grade DSL/Cable segments in late August and have now also been seen on our Corporate environment sensors as well.

    The scans check for “soapCaller.bs” and then “/user/soapCaller.bs”. Returning a 200 result code did not bring any additional traffic or attacks from the original source within 96 hours of the initial scans. In fact, returning the 200 did not seem to cause any change in behavior of the scans or any additional attacks from any source. Likely, this means that vulnerable hosts are being cataloged for later mass exploitation.

    Morfeus scans are quite prevalent and can include searches for a number of common PHP and other web application vulnerabilities. Google searches on “morfeus” return about 259,000 results, including quite a few mentions of ongoing scans from the bot-net.

    Here is a blog post that discusses using .htaccess rules to block scans with the morfeus user agent.

    Morfeus has shown itself to be quite adaptive and seems to be updated pretty frequently by the bot-masters with new application attack signatures. The scanning is very widespread and can be observed on a regular basis across platforms and ISP types.

  • PHP.INI

    Some areas to pay attention to for optimizing server security :=

     

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

     

    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 0

    ; The path for which the cookie is valid.
    session.cookie_path = /


    ; As of PHP 4.0.1, you can define the path as:
    ;
    ;     session.save_path = "N;/path"
    ;
    ; where N is an integer.  Instead of storing all the session files in
    ; /path, what this will do is use subdirectories N-levels deep, and
    ; store the session data in those directories.  This is useful if you
    ; or your OS have problems with lots of files in one directory, and is
    ; a more efficient layout for servers that handle lots of sessions.
    ;
    ; NOTE 1: PHP will not create this directory structure automatically.
    ;         You can use the script in the ext/session dir for that purpose.
    ; NOTE 2: See the section on garbage collection below if you choose to
    ;         use subdirectories for session storage
    ;
    ; The file storage module creates files using mode 600 by default.
    ; You can change that by using
    ;
    ;     session.save_path = "N;MODE;/path"
    ;
    ; where MODE is the octal representation of the mode. Note that this
    ; does not overwrite the process's umask.
    session.save_path = "C:\phpEASY\\tmp\"


    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.

    session.gc_probability = 1
    session.gc_divisor     = 1000

    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440

    ; NOTE: If you are using the subdirectory option for storing session files
    ;       (see session.save_path above), then garbage collection does *not*
    ;       happen automatically.  You will need to do your own garbage
    ;       collection through a shell script, cron entry, or some other method.

  • Spam blocking via htacces IP DENY

    Blocking spam via IP# in htaccess wil keep spammers out before even the Elgg/PHP code executes - so we are reasonably "safe".

  • @Dhrup I posted this in another thread, but it works here as well.. would have to be modified for elgg. Basicaly it looks for the referring agent being the registration page.. if it's not it sends user to a predefined site... I'm sure you could change it to elgg standards and try it on your site easily enough.

    # BEGIN ANTISPAMBLOG REGISTRATION
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .wp-signup\.php*
    RewriteCond %{HTTP_REFERER} !.*mystie.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule (.*) http://die-spammers.com/ [R=301,L]
    # END ANTISPAMBLOG REGISTRATION
  • I saw that other post ;-)

    BTW - Here is a *live apache log showing hack/ spam attempts.. from of my clients server - they got hit by 2000 spam accounts in 48 hours !! (might be of interest to some..)


    8.10.67.206 - - [16/May/2009:22:40:16 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"
    77.70.106.4 - - [17/May/2009:09:04:54 +0000] "POST http://69.61.54.154/post.php HTTP/1.1" 404 265 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
    200.5.242.50 - - [17/May/2009:18:30:07 +0000] "OPTIONS / HTTP/1.0" 200 4631 "-" "Microsoft-WebDAV-MiniRedir/5.1.2600"
    64.15.156.247 - - [17/May/2009:20:35:41 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"
    84.19.184.19 - - [18/May/2009:03:40:09 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 350 "-" "-"

    212.188.33.4 - - [18/May/2009:22:50:10 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 350 "-" "-"

    68.162.220.46 - - [19/May/2009:14:22:41 +0000] "GET / HTTP/1.1" 200 1552 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)"


    81.20.128.162 - - [26/May/2009:19:17:41 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"

    64.15.156.247 - - [26/May/2009:22:03:22 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"

    211.95.78.73 - - [27/May/2009:21:02:55 +0000] "POST http://www.dormaster.com/cgi-bin/textenv.pl HTTP/1.1" 404 342 "-" "-"
    211.95.78.73 - - [27/May/2009:21:02:56 +0000] "POST http://www.dormaster.com/cgi-bin/textenv.pl HTTP/1.1" 404 342 "-" "-"

    200.68.8.77 - - [29/May/2009:09:38:53 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"

    89.7.219.169 - - [31/May/2009:04:05:44 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 350 "-" "-"
    66.63.165.7 - - [02/Jun/2009:07:39:08 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"

    77.70.106.4 - - [03/Jun/2009:07:16:49 +0000] "POST http://69.61.54.154/post.php HTTP/1.1" 404 265 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"

    219.153.66.61 - - [04/Jun/2009:22:52:44 +0000] "GET http://sevy.eu.org/azenv.php HTTP/1.1" 404 327 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

    140.113.88.236 - - [08/Jun/2009:01:52:29 +0000] "GET HTTP/1.1 HTTP/1.1" 400 347 "-" "Toata dragostea mea pentru diavola"
    140.113.88.236 - - [08/Jun/2009:01:52:30 +0000] "GET /roundcube//bin/msgimport HTTP/1.1" 404 274 "-" "Toata dragostea mea pentru diavola"
    86.34.172.222 - - [08/Jun/2009:13:22:19 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"
    77.70.106.4 - - [09/Jun/2009:05:17:54 +0000] "POST http://69.61.54.154/post.php HTTP/1.1" 404 265 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
    217.167.171.230 - - [09/Jun/2009:21:24:40 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 350 "-" "-"
    64.62.175.167 - - [10/Jun/2009:06:18:05 +0000] "GET /thisdoesnotexistahaha.php HTTP/1.1" 404 276 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    64.62.175.167 - - [10/Jun/2009:06:18:05 +0000] "GET /phpMyAdmin/themes/original/img/logo_left.png HTTP/1.1" 404 291 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    91.212.65.124 - - [10/Jun/2009:13:11:00 +0000] "GET http://ant.dsabuse.com/abc.php?auth=45V456b09m&strPassword=WTMWWW_AGZF%5C&nLoginId=43 HTTP/1.1" 404 266 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12"

    92.240.68.152 - - [11/Jun/2009:00:50:04 +0000] "GET http://www.cornwall.ac.uk/images/cpr/Sport.jpg HTTP/1.1" 404 345 "http://random.yahoo.com/fast/ryl" "webcollage/1.135a"

    212.87.154.122 - - [11/Jun/2009:22:02:46 +0000] "GET //README HTTP/1.1" 404 265 "-" "Mozilla/4.0 (compatible; MSIE 7.0;  Windows NT 5.2)"
    212.87.154.122 - - [11/Jun/2009:22:02:47 +0000] "GET /phpmyadmin//README HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 7.0;  Windows NT 5.2)"
    212.87.154.122 - - [11/Jun/2009:22:02:48 +0000] "GET /phpMyAdmin//README HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 7.0;  Windows NT 5.2)"
    212.87.154.122 - - [11/Jun/2009:22:02:48 +0000] "GET /admin//README HTTP/1.1" 404 269 "-" "Mozilla/4.0 (compatible; MSIE 7.0;  Windows NT 5.2)"
    212.87.154.122 - - [11/Jun/2009:22:02:49 +0000] "GET /myadmin//README HTTP/1.1" 404 271 "-" "Mozilla/4.0 (compatible; MSIE 7.0;  Windows NT 5.2)"

    209.62.43.156 - - [12/Jun/2009:18:48:00 +0000] "GET //phpmyadmin/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    209.62.43.156 - - [12/Jun/2009:18:48:06 +0000] "GET //dbadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    209.62.43.156 - - [12/Jun/2009:18:48:06 +0000] "GET //mysql/main.php HTTP/1.1" 404 271 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    204.15.36.170 - - [14/Jun/2009:19:11:33 +0000] "GET /phpmyadmin/INSTALL HTTP/1.1" 404 273 "-" "M Fucking Scanner."
    204.15.36.170 - - [14/Jun/2009:19:11:35 +0000] "GET /myadmin/INSTALL HTTP/1.1" 404 271 "-" "M Fucking Scanner."
    204.15.36.170 - - [14/Jun/2009:19:11:35 +0000] "GET /admin/INSTALL HTTP/1.1" 404 270 "-" "M Fucking Scanner."
    204.15.36.170 - - [14/Jun/2009:19:11:35 +0000] "GET /phpMyAdmin/INSTALL HTTP/1.1" 404 273 "-" "M Fucking Scanner."
    219.153.66.61 - - [14/Jun/2009:23:20:51 +0000] "GET http://www.accessteams.com/proxyheader.php HTTP/1.1" 404 341 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    67.19.254.98 - - [15/Jun/2009:00:18:04 +0000] "GET //phpMyAdmin/main.php HTTP/1.1" 404 274 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:04 +0000] "GET //phpmyadmin/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:04 +0000] "GET //pma/main.php HTTP/1.1" 404 269 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:04 +0000] "GET //admin/main.php HTTP/1.1" 404 270 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:05 +0000] "GET //dbadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:05 +0000] "GET //mysql/main.php HTTP/1.1" 404 271 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:05 +0000] "GET //php-my-admin/main.php HTTP/1.1" 404 275 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:05 +0000] "GET //myadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    67.19.254.98 - - [15/Jun/2009:00:18:07 +0000] "GET //PHPMYADMIN/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    219.153.66.61 - - [17/Jun/2009:21:50:43 +0000] "GET http://www.accessteams.com/proxyheader.php HTTP/1.1" 404 341 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
    85.185.163.122 - - [18/Jun/2009:07:06:32 +0000] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 350 "-" "-"

    65.246.46.153 - - [19/Jun/2009:06:35:12 +0000] "PROPFIND /admin%24 HTTP/1.1" 405 353 "-" "Microsoft-WebDAV-MiniRedir/5.2.3790"

    62.212.132.78 - - [21/Jun/2009:07:01:07 +0000] "GET //phpmyadmin/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [21/Jun/2009:07:01:08 +0000] "GET //phpMyAdmin/main.php HTTP/1.1" 404 274 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [21/Jun/2009:07:01:08 +0000] "GET //PHPMYADMIN/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [21/Jun/2009:07:01:08 +0000] "GET //myadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    61.152.116.107 - - [23/Jun/2009:03:12:11 +0000] "GET /user/soapCaller.bs HTTP/1.1" 404 272 "-" "Morfeus Fucking Scanner"
    91.121.67.119 - - [23/Jun/2009:04:48:16 +0000] "GET HTTP/1.1 HTTP/1.1" 400 347 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:17 +0000] "GET /admin/js/keyhandler.js HTTP/1.1" 404 275 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:17 +0000] "GET /admin/pma/js/keyhandler.js HTTP/1.1" 404 278 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:18 +0000] "GET /admin/phpmyadmin/js/keyhandler.js HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:18 +0000] "GET /db/js/keyhandler.js HTTP/1.1" 404 273 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:18 +0000] "GET /dbadmin/js/keyhandler.js HTTP/1.1" 404 277 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:18 +0000] "GET /myadmin/js/keyhandler.js HTTP/1.1" 404 277 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:19 +0000] "GET /mysql/js/keyhandler.js HTTP/1.1" 404 276 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:19 +0000] "GET /mysqladmin/js/keyhandler.js HTTP/1.1" 404 346 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:19 +0000] "GET /typo3/phpmyadmin/js/keyhandler.js HTTP/1.1" 404 283 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:20 +0000] "GET /phpadmin/js/keyhandler.js HTTP/1.1" 404 278 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:20 +0000] "GET /phpmyadmin/js/keyhandler.js HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:20 +0000] "GET /phpMyAdmin/js/keyhandler.js HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:20 +0000] "GET /phpmyadmin1/js/keyhandler.js HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:21 +0000] "GET /phpmyadmin2/js/keyhandler.js HTTP/1.1" 404 280 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:21 +0000] "GET /pma/js/keyhandler.js HTTP/1.1" 404 274 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:21 +0000] "GET /web/phpMyAdmin/js/keyhandler.js HTTP/1.1" 404 282 "-" "Toata dragostea mea pentru diavola"
    91.121.67.119 - - [23/Jun/2009:04:48:21 +0000] "GET /xampp/phpmyadmin/js/keyhandler.js HTTP/1.1" 404 284 "-" "Toata dragostea mea pentru diavola"

    62.212.132.78 - - [23/Jun/2009:22:32:49 +0000] "GET //phpMyAdmin/main.php HTTP/1.1" 404 274 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:50 +0000] "GET //phpmyadmin/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:50 +0000] "GET //pma/main.php HTTP/1.1" 404 269 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:50 +0000] "GET //admin/main.php HTTP/1.1" 404 270 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:51 +0000] "GET //dbadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:51 +0000] "GET //mysql/main.php HTTP/1.1" 404 271 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:51 +0000] "GET //php-my-admin/main.php HTTP/1.1" 404 275 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:52 +0000] "GET //myadmin/main.php HTTP/1.1" 404 272 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    62.212.132.78 - - [23/Jun/2009:22:32:52 +0000] "GET //PHPMYADMIN/main.php HTTP/1.1" 404 273 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

    [Tue Jun 23 03:12:12 2009] [error] [client 61.152.116.107] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/user
    [Tue Jun 23 04:48:16 2009] [error] [client 91.121.67.119] Invalid URI in request GET HTTP/1.1 HTTP/1.1
    [Tue Jun 23 04:48:17 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/admin/js
    [Tue Jun 23 04:48:17 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/admin/pma
    [Tue Jun 23 04:48:18 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/admin/phpmyadmin
    [Tue Jun 23 04:48:18 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/db
    [Tue Jun 23 04:48:18 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/dbadmin
    [Tue Jun 23 04:48:18 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/myadmin
    [Tue Jun 23 04:48:19 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/mysql
    [Tue Jun 23 04:48:19 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/sharedapps/phpMyAdmin/js
    [Tue Jun 23 04:48:19 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/typo3
    [Tue Jun 23 04:48:20 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpadmin
    [Tue Jun 23 04:48:20 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpmyadmin
    [Tue Jun 23 04:48:20 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpMyAdmin
    [Tue Jun 23 04:48:20 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpmyadmin1
    [Tue Jun 23 04:48:21 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpmyadmin2
    [Tue Jun 23 04:48:21 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/pma
    [Tue Jun 23 04:48:21 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/web
    [Tue Jun 23 04:48:21 2009] [error] [client 91.121.67.119] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/xampp

    [Tue Jun 23 22:32:49 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpMyAdmin
    [Tue Jun 23 22:32:50 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/phpmyadmin
    [Tue Jun 23 22:32:50 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/pma
    [Tue Jun 23 22:32:50 2009] [error] [client 62.212.132.78] script '/usr/local/www/vhosts/MyDomain.Com/htdocs/admin/main.php' not found or unable to stat
    [Tue Jun 23 22:32:51 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/dbadmin
    [Tue Jun 23 22:32:51 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/mysql
    [Tue Jun 23 22:32:51 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/php-my-admin
    [Tue Jun 23 22:32:52 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/myadmin
    [Tue Jun 23 22:32:52 2009] [error] [client 62.212.132.78] File does not exist: /usr/local/www/vhosts/MyDomain.Com/htdocs/PHPMYADMIN

  • The only issue I've had with spammers are actual human spam operators. IE, cam scammers. "Add me to yahoo!" and then they're all "omg u can see me on cam 4 free!!111oneone"

    Only way to deal with those is experience, sadly. Also of course it's kindof fun to string them along a little, then claim you can't recieve the signup email and try to get them to let you use their account...

    I may have changed a few spammer's email passwords like this as a service to humanity. >.>

  • @Dagorath

    wicked smart witty funny i like the style ;-)

  • @Dagorath now that is a service keep up the good work