4

Here's what I found from /var/log/nginx/error.log file.

2012/02/23 04:28:32 [error] 1704#0: *2 open() "/usr/share/nginx/html/MyAdmin/scripts/setup.php" failed (2: No such file or directory), client: 116.255.168.108, server: localhost, request: "GET /MyAdmin/scripts/setup.php HTTP/1.1", host: "199.180.129.222"

is this a hacking attempt?

luckily, I wasn't smart enough to successfully set up the PHP environment...

also, something interesting:

2012/02/23 04:28:31 [error] 1704#0: *1 open() "/usr/share/nginx/html/w00tw00t.at.blackhats.romanian.anti-sec:)" failed (2: No such file or directory), client: 116.255.168.108, server: localhost, request: "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1", host: "199.180.129.222"

Any suggestions on preventing things like this?

Ladadadada
  • 25,847
  • 7
  • 57
  • 90
user269334
  • 161
  • 2
  • 5

2 Answers2

5

Yes, these are both hacking attempts. The first is attempting to see if you have phpMyAdmin installed. You will usually find a large number of variations on these directories such as /PMA/, /admin/db/, /phpMyAdmin/ and specific versions such as /phpMyAdmin-2.2.3/main.php

phpMyAdmin has had plenty of security holes and it is not uncommon to find it left completely open, even if it's the most recent version.

The second attack seems to be related to the first, seems to preceed the phpMyAdmin attacks and in your case, unusually, seems to be announcing who is behind the attack.

You're not the first to ask about this one.

Ladadadada
  • 25,847
  • 7
  • 57
  • 90
2

Someone is asking your web server for something that isn't there, and it's getting a "not found" error. This is expected behaviour, and nothing you should worry about.

If you see lots of these requests coming from the same IP address(es), you could block them... but it's unlikely this is something specifically targeted to your web server, this is probably some bot scanning for known security holes.

Massimo
  • 68,714
  • 56
  • 196
  • 319