Possible hacking attempt. How to tell if my db has been compromised

Question

I have the following in my log file with seconds apart. I'm assuming something was trying to find my database or an admin page or something, but i'm not sure.

Should I be worried about this and how can I tell if my db has been compromised?

ERROR - 2011-09-23 20:51:42 --> 404 Page Not Found --> muieblackcat
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> PMA
ERROR - 2011-09-23 20:51:46 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:51:47 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> mysql
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:51:48 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin2
ERROR - 2011-09-23 20:51:49 --> 404 Page Not Found --> phpMyAdmin-2
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> php-my-admin
ERROR - 2011-09-23 20:51:50 --> 404 Page Not Found --> phpMyAdmin-2.2.3
ERROR - 2011-09-23 20:51:51 --> 404 Page Not Found --> phpMyAdmin-2.2.6
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.1
ERROR - 2011-09-23 20:51:52 --> 404 Page Not Found --> phpMyAdmin-2.5.4
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc1
ERROR - 2011-09-23 20:51:53 --> 404 Page Not Found --> phpMyAdmin-2.5.5-rc2
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5
ERROR - 2011-09-23 20:51:54 --> 404 Page Not Found --> phpMyAdmin-2.5.5-pl1
ERROR - 2011-09-23 20:51:55 --> 404 Page Not Found --> phpMyAdmin-2.5.6-rc1
ERROR - 2011-09-23 20:51:58 --> 404 Page Not Found --> phpMyAdmin-2.5.6
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7
ERROR - 2011-09-23 20:51:59 --> 404 Page Not Found --> phpMyAdmin-2.5.7-pl1
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha
ERROR - 2011-09-23 20:52:00 --> 404 Page Not Found --> phpMyAdmin-2.6.0-alpha2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-beta2
ERROR - 2011-09-23 20:52:04 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc1
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc2
ERROR - 2011-09-23 20:52:05 --> 404 Page Not Found --> phpMyAdmin-2.6.0-rc3
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl1
ERROR - 2011-09-23 20:52:09 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl2
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.0-pl3
ERROR - 2011-09-23 20:52:10 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc1
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1-rc2
ERROR - 2011-09-23 20:52:11 --> 404 Page Not Found --> phpMyAdmin-2.6.1
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl2
ERROR - 2011-09-23 20:52:15 --> 404 Page Not Found --> phpMyAdmin-2.6.1-pl3
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:16 --> 404 Page Not Found --> phpMyAdmin-2.6.2-beta1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2-rc1
ERROR - 2011-09-23 20:52:17 --> 404 Page Not Found --> phpMyAdmin-2.6.2
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.2-pl1
ERROR - 2011-09-23 20:52:18 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3-rc1
ERROR - 2011-09-23 20:52:19 --> 404 Page Not Found --> phpMyAdmin-2.6.3
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.3-pl1
ERROR - 2011-09-23 20:52:20 --> 404 Page Not Found --> phpMyAdmin-2.6.4-rc1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl1
ERROR - 2011-09-23 20:52:21 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl2
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl3
ERROR - 2011-09-23 20:52:22 --> 404 Page Not Found --> phpMyAdmin-2.6.4-pl4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.6.4
ERROR - 2011-09-23 20:52:23 --> 404 Page Not Found --> phpMyAdmin-2.7.0-beta1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-rc1
ERROR - 2011-09-23 20:52:24 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl1
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0-pl2
ERROR - 2011-09-23 20:52:25 --> 404 Page Not Found --> phpMyAdmin-2.7.0
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-beta1
ERROR - 2011-09-23 20:52:26 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc1
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0-rc2
ERROR - 2011-09-23 20:52:27 --> 404 Page Not Found --> phpMyAdmin-2.8.0
ERROR - 2011-09-23 20:52:28 --> 404 Page Not Found --> phpMyAdmin-2.8.0.1
ERROR - 2011-09-23 20:52:34 --> 404 Page Not Found --> phpMyAdmin-2.8.0.4
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1-rc1
ERROR - 2011-09-23 20:52:35 --> 404 Page Not Found --> phpMyAdmin-2.8.1
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> phpMyAdmin-2.8.2
ERROR - 2011-09-23 20:52:36 --> 404 Page Not Found --> sqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> mysqlmanager
ERROR - 2011-09-23 20:52:38 --> 404 Page Not Found --> p
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> PMA2005
ERROR - 2011-09-23 20:52:39 --> 404 Page Not Found --> pma2005
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> phpmanager
ERROR - 2011-09-23 20:52:40 --> 404 Page Not Found --> php-myadmin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> phpmy-admin
ERROR - 2011-09-23 20:52:41 --> 404 Page Not Found --> webadmin
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> sqlweb
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> websql
ERROR - 2011-09-23 20:52:42 --> 404 Page Not Found --> webdb
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:43 --> 404 Page Not Found --> mysql-admin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> dbadmin
ERROR - 2011-09-23 20:52:50 --> 404 Page Not Found --> myadmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> mysqladmin
ERROR - 2011-09-23 20:52:54 --> 404 Page Not Found --> phpadmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpMyAdmin
ERROR - 2011-09-23 20:52:55 --> 404 Page Not Found --> phpmyadmin
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin1
ERROR - 2011-09-23 20:52:56 --> 404 Page Not Found --> phpmyadmin2
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> pma
ERROR - 2011-09-23 20:52:57 --> 404 Page Not Found --> databaseadmin
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admm
ERROR - 2011-09-23 20:52:58 --> 404 Page Not Found --> admn
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> _myadmin
ERROR - 2011-09-23 20:52:59 --> 404 Page Not Found --> phpMyA
ERROR - 2011-09-23 20:53:03 --> 404 Page Not Found --> admin
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> mysql2
ERROR - 2011-09-23 20:53:04 --> 404 Page Not Found --> phpmyadm
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php1
ERROR - 2011-09-23 20:53:05 --> 404 Page Not Found --> php2
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> sqladm
ERROR - 2011-09-23 20:53:09 --> 404 Page Not Found --> myAdmin
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> pmabd
ERROR - 2011-09-23 20:53:10 --> 404 Page Not Found --> mydb
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> mysql_administrator
ERROR - 2011-09-23 20:53:11 --> 404 Page Not Found --> pma_mydb
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> webmail2
ERROR - 2011-09-23 20:53:12 --> 404 Page Not Found --> myphp
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> phpas
ERROR - 2011-09-23 20:53:16 --> 404 Page Not Found --> _pma
ERROR - 2011-09-23 20:53:17 --> 404 Page Not Found --> /scripts
ERROR - 2011-09-23 20:53:20 --> 404 Page Not Found --> _dbadmin
ERROR - 2011-09-23 20:53:24 --> 404 Page Not Found --> _admin
ERROR - 2011-09-23 20:53:27 --> 404 Page Not Found --> _phpMyAdmin
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> sql
ERROR - 2011-09-23 20:53:34 --> 404 Page Not Found --> _sql
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> my-php
ERROR - 2011-09-23 20:53:35 --> 404 Page Not Found --> My-php

Are the hits from the same ip? look to see if that ip's got any '200 OK' type hits in the log. If it's all 404s, they found nothing. If there's 200s, they found SOMETHING. — Marc B, Sep 26 '11 at 15:03
I am only logging 404 errors right now. How can I log 200 OK hits without logging every single 200 Ok hit on my website? If I logged every ok hit, it would an enormous list to have to sift through. — Catfish, Sep 26 '11 at 15:14
your webserver should be logging hits in its own access log already. — Marc B, Sep 26 '11 at 15:31
Depends on your web server and platform. Apache on unix tends to have /var/log/httpd or /var/log/apache2, but it can be overriden and moved elsewhere for any number of reasons. you'll have to look in your server's configuration and find out for yourself. — Marc B, Sep 26 '11 at 16:38
Found it. It's in the cpanel under Raw Access Logs. It was set to erase the file every day so I guess I will never know if this attempt was successful. There is no personal data on there so I'm not too worried. — Catfish, Sep 26 '11 at 16:48

score 9 · Accepted Answer · answered Sep 26 '11 at 15:03

9

Something (probably a bot) is scanning your web server for those pages, which do not exist since they are receiving 404 errors. The scanning is very common -- usually scripts are looking for vulnerabilities.

We can't tell if your database has been compromised. Although the log contents you posted do not indicate that you have been compromised, just scanned.

answered Sep 26 '11 at 15:03

joet3ch

2,236
1
21
19

However, take a look at crucial @Marc B's comment – Adriano Carneiro Sep 26 '11 at 15:12

score 2 · Answer 2 · answered Sep 26 '11 at 15:18

This is a common attempt at finding out if there is an administrative web interface installed at the site. It's normal for any web site to receive such attempts from time to time.

If this is a traffic log, this particular attempt rendered no success at all as all requests resulted in a HTTP 404. If this is just a report of error messages, you should look at the traffic log to see if any request from that IP resulted in a non-404 response.

Still, just because such an attemt would find a web interface it was looking for doesn't mean that it has been hacked. It only means that someone knows what web interface you are using, and could try to find a security weakness in it. Generally there is very little risk for that if the system is properly updated and patched.

Possible hacking attempt. How to tell if my db has been compromised

2 Answers2