Hello, today a user from this forum tried to access my vShare installation. They failed, however I felt I should alert the community of it.
I'm attaching the log files. As you can see, a user from this forum found my vShare installation through my showcase thread (here) through the referrer information. The malicious user's IP is 71.56.249.217 and it resolves to Denver, CO in the US: 71.56.249.217/c-71-56-249-217.hsd1.co.comcast.net IP Address WHOIS | DomainTools.com
Luckily I protect my Admin CP using password-protected .htaccess file.
Code:
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:29:07 -0500] "GET / HTTP/1.1" 302 512 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:18 -0500] "GET / HTTP/1.1" 302 512 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:18 -0500] "GET / HTTP/1.1" 200 10754 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:22 -0500] "GET /admin HTTP/1.1" 401 644 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - admin [26/Oct/2011:00:52:27 -0500] "GET /admin HTTP/1.1" 401 180 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:30 -0500] "GET / HTTP/1.1" 200 5844 "http://forums.buyscripts.in/showcase-your-site/9277-beercandle-videos.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_access_log:71.56.249.217 - - [26/Oct/2011:00:52:30 -0500] "GET /recent_viewed_xml.php HTTP/1.1" 200 532 "https://video.beercandle.com/player/recent.swf" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.202 Safari/535.1"
xxx_error_log:[Wed Oct 26 00:52:27 2011] [error] [client 71.56.249.217] user admin not found: /admin
Bookmarks