91.121.87.141 heavily scanning for exploits


Myatu
11-06-2010, 22:36
Quote Originally Posted by tallen
I mean a Windows 98 exploit!?!!?!?
No, no. I was referring to the user agent (browser identifier). Given it's likely to be fake, and with Windows 98 hardly in use anymore, it'd be easy enough to simply filter those scans.

Winit
11-06-2010, 22:34
Quote Originally Posted by gregoryfenton
I already cleared it with them and followed instructions exactly.
Not the point. Automated reports are a pain in the arse and don't have a personal touch. Ignore scans/brute force and get on with life.

gregoryfenton
11-06-2010, 21:48
Yeah, but unfortunately a script kiddie doing scans at the speed OVH can provide may well end up finding a vulnerable server.

If someone can scan one server a day for exploits on a modem, he could potentially scan a couple of million servers a day on a high bandwidth OVH connection.

Let them all share their own private network and tell them that 127.0.0.1 is a potentially lucrative target.

tallen
11-06-2010, 21:47
Yeah, there's still loads of script kiddies on OVH servers trying to exploit others. Wouldn't worry about it. They're too noobish to be able to hack your server. I mean a Windows 98 exploit!?!!?!?

gregoryfenton
11-06-2010, 21:36
skript kiddies

Myatu
11-06-2010, 21:28
Who still uses "Windows 98" anyway?

gregoryfenton
11-06-2010, 20:36
http://forum.ovh.co.uk/showthread.php?t=3415

I already cleared it with them and followed instructions exactly.

Since the process started I have only emailed OVH using the automated method 8 times. Hardly spam and each mail contains a log entry showing the exploit attempt.

Winit
11-06-2010, 20:30
No wonder they ignore reports if they're automated.

gregoryfenton
11-06-2010, 17:44
I do usually (automated) but this one seems rather runaway, and plus there are IPs that I reported to that email address that are still happily scanning me over a week after reporting them (my automated script IP bans for a week from initial detection).

Neil
11-06-2010, 17:37
You should report it to abuse@ovh.net if you have not already done so.

gregoryfenton
11-06-2010, 16:49
Just witnessed this attack:
Code:
91.121.87.141 - - [11/Jun/2010:15:43:14 +0000] "GET / HTTP/1.0" 200 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:15 +0000] "POST /phpmyadmin/tbl_select.php HTTP/1.0" 403 414 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:15 +0000] "POST /phpMyAdmin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:16 +0000] "POST /db/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:17 +0000] "POST /web/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:18 +0000] "POST /PMA/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:19 +0000] "POST /dbadmin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:20 +0000] "POST /PMA2006/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:20 +0000] "POST /pma2006/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:21 +0000] "POST /sqlmanager/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:22 +0000] "POST /mysqlmanager/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:23 +0000] "POST /p/m/a/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:24 +0000] "POST /PMA2005/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:24 +0000] "POST /pma2005/tbl_select.php HTTP/1.0" 404 60791 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:25 +0000] "POST /phpmanager/tbl_select.php HTTP/1.0" 404 60793 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:26 +0000] "POST /php-myadmin/tbl_select.php HTTP/1.0" 404 21900 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:27 +0000] "POST /phpmy-admin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:28 +0000] "POST /mysql/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:28 +0000] "POST /myadmin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:29 +0000] "POST /webadmin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:30 +0000] "POST /sqlweb/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:31 +0000] "POST /websql/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:32 +0000] "POST /webdb/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:32 +0000] "POST /mysqladmin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:33 +0000] "POST /mysql-admin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:34 +0000] "POST /phpmyadmin2/tbl_select.php HTTP/1.0" 404 56940 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:35 +0000] "POST /phpMyAdmin2/tbl_select.php HTTP/1.0" 404 60795 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:35 +0000] "POST /phpMyAdmin-2/tbl_select.php HTTP/1.0" 404 32120 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:36 +0000] "POST /php-my-admin/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:37 +0000] "POST /phpMyAdmin-2.2.3/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:38 +0000] "POST /phpMyAdmin-2.2.6/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:39 +0000] "POST /phpMyAdmin-2.5.1/tbl_select.php HTTP/1.0" 404 21900 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:40 +0000] "POST /phpMyAdmin-2.5.4/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:40 +0000] "POST /phpMyAdmin-2.5.5-rc1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:41 +0000] "POST /phpMyAdmin-2.5.5-rc2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:42 +0000] "POST /phpMyAdmin-2.5.5/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:43 +0000] "POST /phpMyAdmin-2.5.5-pl1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:44 +0000] "POST /phpMyAdmin-2.5.6-rc1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:45 +0000] "POST /phpMyAdmin-2.5.6-rc2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:45 +0000] "POST /phpMyAdmin-2.5.6/tbl_select.php HTTP/1.0" 404 21900 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:46 +0000] "POST /phpMyAdmin-2.5.7/tbl_select.php HTTP/1.0" 404 21900 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:47 +0000] "POST /phpMyAdmin-2.5.7-pl1/tbl_select.php HTTP/1.0" 404 60804 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:48 +0000] "POST /phpMyAdmin-2.6.0-alpha/tbl_select.php HTTP/1.0" 404 60806 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:50 +0000] "POST /phpMyAdmin-2.6.0-alpha2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:51 +0000] "POST /phpMyAdmin-2.6.0-beta1/tbl_select.php HTTP/1.0" 404 60806 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:52 +0000] "POST /phpMyAdmin-2.6.0-beta2/tbl_select.php HTTP/1.0" 404 23360 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:53 +0000] "POST /phpMyAdmin-2.6.0-rc1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:54 +0000] "POST /phpMyAdmin-2.6.0-rc2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:55 +0000] "POST /phpMyAdmin-2.6.0-rc3/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:56 +0000] "POST /phpMyAdmin-2.6.0/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:56 +0000] "POST /phpMyAdmin-2.6.0-pl1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:57 +0000] "POST /phpMyAdmin-2.6.0-pl2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:58 +0000] "POST /phpMyAdmin-2.6.0-pl3/tbl_select.php HTTP/1.0" 404 60804 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:43:59 +0000] "POST /phpMyAdmin-2.6.1-rc1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:00 +0000] "POST /phpMyAdmin-2.6.1-rc2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:01 +0000] "POST /phpMyAdmin-2.6.1/tbl_select.php HTTP/1.0" 404 60800 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:02 +0000] "POST /phpMyAdmin-2.6.1-pl1/tbl_select.php HTTP/1.0" 404 60804 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:04 +0000] "POST /phpMyAdmin-2.6.1-pl2/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:05 +0000] "POST /phpMyAdmin-2.6.1-pl3/tbl_select.php HTTP/1.0" 404 60803 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
91.121.87.141 - - [11/Jun/2010:15:44:06 +0000] "POST /phpMyAdmin-2.6.2-rc1/tbl_select.php HTTP/1.0" 404 13140 "-" "Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"
Now blocked via iptables, but I will hazard a guess I am not the only target.
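
Added example (not part of the thread, and not any poster's own script): one way to pick this kind of scan out of an access log by behaviour rather than by the user agent, flagging a client that requests the same script name under many directories and is refused each time. The 60-second window, the threshold of five directories and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" access-log format, as in the post above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"')
UA = '"Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)"'
# Six requests copied from the posted log, plus two constructed lines from an
# ordinary visitor (192.0.2.10 is a documentation address).
SAMPLE = [
    f'91.121.87.141 - - [11/Jun/2010:15:43:15 +0000] "POST /phpmyadmin/tbl_select.php HTTP/1.0" 403 414 "-" {UA}',
    f'91.121.87.141 - - [11/Jun/2010:15:43:15 +0000] "POST /phpMyAdmin/tbl_select.php HTTP/1.0" 404 13140 "-" {UA}',
    f'91.121.87.141 - - [11/Jun/2010:15:43:16 +0000] "POST /db/tbl_select.php HTTP/1.0" 404 13140 "-" {UA}',
    f'91.121.87.141 - - [11/Jun/2010:15:43:17 +0000] "POST /web/tbl_select.php HTTP/1.0" 404 13140 "-" {UA}',
    f'91.121.87.141 - - [11/Jun/2010:15:43:18 +0000] "POST /PMA/tbl_select.php HTTP/1.0" 404 13140 "-" {UA}',
    f'91.121.87.141 - - [11/Jun/2010:15:43:19 +0000] "POST /dbadmin/tbl_select.php HTTP/1.0" 404 13140 "-" {UA}',
    '192.0.2.10 - - [11/Jun/2010:15:43:16 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [11/Jun/2010:15:43:17 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
]

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, window=timedelta(seconds=60), min_dirs=5):
    """Map each client IP to the directories it probed when it asked for one
    script name under >= min_dirs directories, all answered 4xx, within window."""
    probes = defaultdict(list)  # (ip, script name) -> [(timestamp, directory)]
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if 400 <= status < 500:
            directory, _, script = path.split("?")[0].rpartition("/")
            # Lower-case so /phpmyadmin and /phpMyAdmin count as one guess.
            probes[ip, script].append((ts, directory.lower()))
    flagged = {}
    for (ip, _), hits in probes.items():
        hits.sort()
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:  # slide the window forward
                start += 1
            dirs = {d for _, d in hits[start:end + 1]}
            if len(dirs) >= min_dirs:
                flagged[ip] = sorted(dirs)
                break
    return flagged
```

The returned addresses can be fed to whatever does the blocking, such as the iptables rule mentioned in the post.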