{"id":270,"date":"2007-05-31T03:19:00","date_gmt":"2007-05-31T03:19:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=270"},"modified":"2020-07-03T03:20:25","modified_gmt":"2020-07-03T03:20:25","slug":"sqlmanager-scans","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/05\/sqlmanager-scans\/","title":{"rendered":"Sqlmanager scans"},"content":{"rendered":"\n<p>I have three honeypots looking for web attacks\/scans and lately all three of them detected scans looking for&nbsp;<a href=\"http:\/\/www.sqlmanager.net\/\">sqlmanager<\/a>&nbsp;(mysqlmanager). It is the first time I see them looking for it and I couldn\u2019t find any reference to new vulnerabilities related to it. I changed my honeypots to respond successfully to these scans to be able to see what the exploits are all about.<\/p>\n\n\n\n<p><em><br><code><br>Received From: hn1-&gt;\/var\/log\/httpd\/error_log<br>Rule: 30114 fired (level 10) -&gt; \"Multiple attempts to access non-existent files (web scan) from same source.\"<br>Portion of the log(s):<\/code><\/em><\/p>\n\n\n\n<p><em>[Mon May 28 15:56:00 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/p<br>[Mon May 28 15:56:00 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/mysqlmanager<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/sqlmanager<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/pma2006<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/PMA2006<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/dbadmin<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/admin<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/PMA<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/web<br>[Mon May 28 15:55:59 2007] [error] [client 75.xx.xx.xx] File does not exist: \/var\/www\/html\/db<\/em><\/p>\n\n\n\n<p><em>\u2013END OF NOTIFICATION<\/em><\/p>\n\n\n\n<p>Any ideas out there? Did I miss something?<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have three honeypots looking for web attacks\/scans and lately all three of them detected scans looking for&nbsp;sqlmanager&nbsp;(mysqlmanager). It is the first time I see them looking for it and I couldn\u2019t find any reference to new vulnerabilities related to it. I changed my honeypots to respond successfully to these scans to be able to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/270"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=270"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/270\/revisions"}],"predecessor-version":[{"id":271,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/270\/revisions\/271"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}