This weekend, I moved some photos from my web site over to flickr. For some reason, this generated a flood of error messages on my web hoster’s server. After removing a couple of PHP files (in case they were creating security holes), and creating some zero-length files to replace some of the more frequently accessed files that were now missing, the problem seems to be solved. I hope.
When looking at the error log a little while later today, I noticed that some diligent hacker was looking to try to find a copy of phpMyAdmin to exploit. The hacker ran a script that looked for any of the following files:
phpMyAdmin/main.php
PHPMYADMIN/main.php
pHpMyAdMiN/main.php
PhPmYaDmIn/main.php
PHPmyadmin/main.php
PHPMYadmin/main.php
phpMYadmin/main.php
phpmyADMIN/main.php
pmamy/main.php
pma/main.php
PMA/main.php
myadmin/main.php
MYADMIN/main.php
MYadmin/main.php
myADMIN/main.php
MyAdmin/main.php
PMA/main.phpmain.php
mysql/main.phpmain.php
admin/main.phpmain.php
db/main.phpmain.php
dbadmin/main.phpmain.php
web/phpMyAdmin/main.phpmain.php
admin/pma/main.phpmain.php
admin/phpmyadmin/main.phpmain.php
admin/mysql/main.phpmain.php
mysql-admin/main.phpmain.php
phpmyadmin2/main.phpmain.php
mysqladmin/main.phpmain.php
mysql-admin/main.phpmain.php
main.phpmain.php
phpMyAdmin-2.5.6/main.phpmain.php
phpMyAdmin-2.5.4/main.phpmain.php
phpMyAdmin-2.5.1/main.phpmain.php
phpMyAdmin-2.2.3/main.phpmain.php
phpMyAdmin-2.9.1/main.phpmain.php
phpMyAdmin-2.9.0/main.phpmain.php
phpMyAdmin-2.9.0.2/main.phpmain.php
phpMyAdmin-2.9.0.1/main.phpmain.php
phpMyAdmin-2.8.2.4/main.phpmain.php
phpMyAdmin-2.8.2.2/main.phpmain.php
phpMyAdmin-2.8.2.1/main.phpmain.php
phpMyAdmin-2.7.0-pl2/main.phpmain.php
phpMyAdmin-2.7.0/main.phpmain.php
phpMyAdmin-2.6.4-pl4/main.phpmain.php
phpMyAdmin-2.6.4/main.phpmain.php
phpMyAdmin-2.8.1/main.phpmain.php
phpMyAdmin-2.2.6/main.phpmain.php
phpMyAdmin-2.2.7/main.phpmain.php
phpMyAdmin-2.2.7-pl1/main.phpmain.php
phpMyAdmin-2.2.0/main.phpmain.php
myadmin/main.phpmain.php
So if anybody out there is using phpMyAdmin, you might want to try putting your files in a directory other than any of these ones.
The Globe had an article recently about a woman who died of water intoxication. She was an entrant in a contest in Sacramento called “Hold Your Wee for a Wii”. Contestants were asked to drink as much water as possible without going to the bathroom; presumably, the person with the strongest bladder won a game console. This is a horrible, sad tragedy, of course, and it was a dumb contest idea too, but: I had no idea that too much water can kill you. Is there anything out there that can’t kill you?
Posted by davetill 