Hi,
I’m back again after being sick for a few days (more than I expected) so I’m sorry but I have no chance to write a single post.
Today I would like to share with you my first impressions about glastopf. Glastopf is a truly interesting honeypot project but I wasn´t sure that it would report any attack because I thought that my honeypot server wasn´t interesting enough for hackers (even though Glastopf uses a Google dork list to provide more attack vectors).
According to the logs PHPMyAdmin is an interesting target. The attacker tried to get access to the following:
- /phpMyAdmin/scripts/setup.php
- /phpmyadmin/scripts/setup.php
- /phpmyadmin/config/config.inc.php?p=phpinfo();
- /pma/config/config.inc.php?p=phpinfo();
- /phpmyadmin/config/config.inc.php?p=phpinfo();
- /php-my-admin/config/config.inc.php?p=phpinfo();
- /phpMyAdmin/config/config.inc.php?p=phpinfo();
I will keep watching the logs and I will inform you of any interesting attack. I recommend you to read Andrew Waite’s post about glastopf.
P.S: Spanish is my mother tongue so forgive me for my mistakes!
