Here’s a gem I found in my web server logs:
..
GET /phpMyAdmin-2.2.3/scripts/setup.php
GET /phpMyAdmin-2.2.6/scripts/setup.php
GET /phpMyAdmin-2.5.1/scripts/setup.php
GET /phpMyAdmin-2.5.4/scripts/setup.php
GET /phpMyAdmin-2.5.5-pl1/scripts/setup.php
GET /phpMyAdmin-2.5.5-rc1/scripts/setup.php
GET /phpMyAdmin-2.5.5-rc2/scripts/setup.php
GET /phpMyAdmin-2.5.5/scripts/setup.php
GET /phpMyAdmin-2.5.6-rc1/scripts/setup.php
GET /phpMyAdmin-2.5.6-rc2/scripts/setup.php
GET /phpMyAdmin-2.5.6/scripts/setup.php
GET /phpMyAdmin-2.5.7-pl1/scripts/setup.php
GET /phpMyAdmin-2.5.7/scripts/setup.php
GET /phpMyAdmin-2.6.0-alpha/scripts/setup.php
GET /phpMyAdmin-2.6.0-alpha2/scripts/setup.php
GET /phpMyAdmin-2.6.0-beta1/scripts/setup.php
GET /phpMyAdmin-2.6.0-beta2/scripts/setup.php
GET /phpMyAdmin-2.6.0-pl1/scripts/setup.php
GET /phpMyAdmin-2.6.0-pl2/scripts/setup.php
GET /phpMyAdmin-2.6.0-pl3/scripts/setup.php
GET /phpMyAdmin-2.6.0-rc1/scripts/setup.php
GET /phpMyAdmin-2.6.0-rc2/scripts/setup.php
GET /phpMyAdmin-2.6.0-rc3/scripts/setup.php
GET /phpMyAdmin-2.6.0/scripts/setup.php
GET /phpMyAdmin-2.6.1-pl1/scripts/setup.php
GET /phpMyAdmin-2.6.1-pl2/scripts/setup.php
GET /phpMyAdmin-2.6.1-pl3/scripts/setup.php
GET /phpMyAdmin-2.6.1-rc1/scripts/setup.php
GET /phpMyAdmin-2.6.1-rc2/scripts/setup.php
GET /phpMyAdmin-2.6.1/scripts/setup.php
GET /phpMyAdmin-2.6.2-beta1/scripts/setup.php
GET /phpMyAdmin-2.6.2-pl1/scripts/setup.php
GET /phpMyAdmin-2.6.2-rc1/scripts/setup.php
GET /phpMyAdmin-2.6.2/scripts/setup.php
GET /phpMyAdmin-2.6.3-pl1/scripts/setup.php
GET /phpMyAdmin-2.6.3-rc1/scripts/setup.php
GET /phpMyAdmin-2.6.3/scripts/setup.php
GET /phpMyAdmin-2.6.4-pl1/scripts/setup.php
GET /phpMyAdmin-2.6.4-pl2/scripts/setup.php
GET /phpMyAdmin-2.6.4-pl3/scripts/setup.php
GET /phpMyAdmin-2.6.4-pl4/scripts/setup.php
GET /phpMyAdmin-2.6.4-rc1/scripts/setup.php
GET /phpMyAdmin-2.6.4/scripts/setup.php
GET /phpMyAdmin-2.7.0-beta1/scripts/setup.php
GET /phpMyAdmin-2.7.0-pl1/scripts/setup.php
GET /phpMyAdmin-2.7.0-pl2/scripts/setup.php
GET /phpMyAdmin-2.7.0-rc1/scripts/setup.php
GET /phpMyAdmin-2.7.0/scripts/setup.php
GET /phpMyAdmin-2.8.0-beta1/scripts/setup.php
GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php
GET /phpMyAdmin-2.8.0-rc2/scripts/setup.php
GET /phpMyAdmin-2.8.0.1/scripts/setup.php
GET /phpMyAdmin-2.8.0.2/scripts/setup.php
GET /phpMyAdmin-2.8.0.3/scripts/setup.php
GET /phpMyAdmin-2.8.0.4/scripts/setup.php
GET /phpMyAdmin-2.8.0/scripts/setup.php
GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php
GET /phpMyAdmin-2.8.1/scripts/setup.php
GET /phpMyAdmin-2.8.2/scripts/setup.php
GET /phpMyAdmin-2/scripts/setup.php
GET /phpmyadmin/scripts/setup.php
GET /phpMyAdmin/scripts/setup.php
GET /phpmyadmin/server_status.php
GET /phpmyadmin1/scripts/setup.php
GET /phpmyadmin2/scripts/setup.php
To end up with a list like this, I usually invoke a small Perl script (it is more flexible to have it as a script than as a one-liner):
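# filter.pl: print the request path of every GET line in access.log
open(FILE, "<access.log") or die 'Unable to open access.log.';
while (<FILE>) {
    # Capture everything between "GET " and " HTTP"
    if ($_ =~ m/GET (.*?) HTTP/) {
        print $1 . "\n";
    }
}
close(FILE);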
which parses hundreds of MB of lines like the one below:
XX.XXX.XXX.XXX - - [05/Sep/2010:17:47:19 +0300] GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1 "404" 61 "-" "ZmEu" .....
just to print the URLs in an easily sortable form:
perl filter.pl > links.txt
sort -T h: links.txt | uniq
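Going one step beyond the URL list, the following is an added example (not part of the original post) that groups these probes by client and user agent and reports any probed path that did not return 404. The function name, the threshold and the sample lines are assumptions made for the illustration; the sample lines are constructed in the log format shown above.

```python
import re
from collections import defaultdict

# Log format as in the sample line above. Quotes around the request and the
# status are optional, because the post's sample quotes only the status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "?[A-Z]+ (?P<path>\S+) HTTP/[\d.]+"? '
    r'"?(?P<status>\d{3})"? \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# The two script names that appear in the probe list above.
PROBE_RE = re.compile(r'/(?:scripts/setup|server_status)\.php(?:\?|$)', re.I)

def find_scanners(lines, min_paths=3):
    """Map (ip, agent) -> probe summary for every client that requested at
    least min_paths distinct probe paths (min_paths is an assumed threshold)."""
    seen = defaultdict(lambda: {"paths": set(), "exposed": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m["path"]):
            continue  # unparseable line or ordinary traffic
        entry = seen[(m["ip"], m["agent"])]
        entry["paths"].add(m["path"])
        if m["status"] != "404":
            # The probed file exists or is handled: check this one first.
            entry["exposed"].add(m["path"])
    return {key: {"paths": len(e["paths"]), "exposed": sorted(e["exposed"])}
            for key, e in seen.items() if len(e["paths"]) >= min_paths}

# Constructed sample lines; the addresses are from documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [05/Sep/2010:17:47:19 +0300] GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1 "404" 61 "-" "ZmEu"',
    '203.0.113.7 - - [05/Sep/2010:17:47:19 +0300] GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1 "404" 61 "-" "ZmEu"',
    '203.0.113.7 - - [05/Sep/2010:17:47:20 +0300] GET /phpmyadmin/scripts/setup.php HTTP/1.1 "200" 5120 "-" "ZmEu"',
    '198.51.100.4 - - [05/Sep/2010:17:48:02 +0300] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [05/Sep/2010:17:48:09 +0300] "GET /phpmyadmin/server_status.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for (ip, agent), info in find_scanners(SAMPLE).items():
        print(ip, agent, info["paths"], "probe paths, exposed:", info["exposed"])
```

A single request to one of these scripts, such as the second client's, stays below the threshold and is not reported.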
Conclusion
Do not keep phpMyAdmin installed in the root of your website. I know not to keep anything in docroot, and also to remove/rename the install file. But come on, ALL VERSIONS? That’s some willpower right there …