Admin Hack attempts

spaceCowboy · August 3, 2017, 5:00pm

I’m not sure if there’s much to do, but our Papertrail is showing a spike in attempts to get into our app. Has anyone else seen a spike in requests like these (log output below):

/admin/jsi18n/ 200 2492 0.002
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:19] INFO app.request /sql/phpmy-admin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:19] INFO app.request /sql/sql/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:20] INFO app.request /sql/myadmin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:20] INFO app.request /sql/webadmin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:20] INFO app.request /sql/sqlweb/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:20] INFO app.request /sql/websql/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:20] INFO app.request /sql/webdb/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:21] INFO app.request /sql/sqladmin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:21] INFO app.request /sql/sql-admin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:21] INFO app.request /sql/phpmyadmin2/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:21] INFO app.request /sql/phpMyAdmin2/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:21] INFO app.request /sql/phpMyAdmin/ 400 26 0.000
Aug 01 10:41:25 ad68de8a8bf5 nhc-prod-web: [01/Aug/2017 10:41:22] INFO app.request /db/myadmin/ 400 26 0.000

chas · August 4, 2017, 5:42pm

This is very common for web apps. We have a support article here that explains a bit more: https://www.aptible.com/documentation/enclave/troubleshooting/unexpected-requests.html

Usually this is unauthenticated traffic and is just looking around for routes that don’t exist. If you think you’re being specifically targeted, let me know and we can discuss options, like IP whitelisting or a WAF.

Topic		Replies	Views
Papertrail certificate rotated logging	1	994	April 30, 2016
Another logging option: LogDNA logging	9	1743	February 20, 2019
Vulnerability scanning 3rd-party	0	856	April 30, 2016
BizIntel tools? 3rd-party	15	2764	June 25, 2018
Sumologic timestamp parsing 3rd-party	7	2120	August 3, 2017

Admin Hack attempts

Related Topics