Security question - php/mysql - hack

A chinese company has been trying to hack our site.  I have recorded all activity and would appreciate advice to ensure our security integrity is maintained.

They are trying to run the following scripts (this is just a sample, there are lots more they are trying to run).  

They started off with

/muieblackcat

then tried lots of others including
//_myadmin/scripts/setup.php
//phpmya/scripts/setup.php
//admin/my/scripts/setup.php
//mysql2/scripts/setup.php
//phpmyadm/scripts/setup.php
//php1/scripts/setup.php
//webmail2/scripts/setup.php
//pma_mydb/scripts/setup.php

Any ideas exactly what they are after, and the best way to protect ourselves.

We just want to get on with business and it's really frustrating having to deal with idiots like this.

We don't have anything in there of value, it's just a nuisance and costs time.

I would appreciate advice from people who are really strong in security (ideally reformed hackers).  It seems they are after database and trying to setup

I am just wanting to make sure we are as best protected as possible.  We have non standard naming conventions for files and path, use form validation, etc.

I am particularly interested what motivates these people and what I can do to prevent them getting access.
LVL 1
debbieau1Asked:
Who is Participating?
 
dkellnerConnect With a Mentor Commented:
It's a standard scan for well known administration programs and their usual names/urls, like phpMyAdmin.  Once they have a valid response for one of these requests (like something else than 404) they'll try to go for the specific thing and its weak spots.  Check all the file/directory rights and owners, make VERY sure that no one is able to write any important directory as www-data, watch out for scripts dealing with passwords (disable error messages that could possibly reveal passwords - redirect all error messages to a logfile outside the web document tree), etc.

95% of these attacks go for known open-source scripts security holes; maybe get some fresh updates for whatever you use.  AND!  If you have a chance, log all mysql queries containing comment signs, coded character strings or the UNION keyword.  Many attacks rely on these.  You can find lots of sites about "mysql injection", read them to know what's out there.

Nothing happened so far - at least I hope so -, don't panic.
0
 
Ray PaseurConnect With a Mentor Commented:
Probably script kiddies.  Do these attacks all come from the same IP address?  You might ask your hosting company to block that address.
0
 
debbieau1Author Commented:
Yes, they do.

Thanks to both of you for the feedback.  What is a script kiddie?  Are these just automated scripts.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
debbieau1Author Commented:
Both feedback very useful thanks
0
 
debbieau1Author Commented:
Thanks very much.  Interesting reading
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.