debbieau1
asked on
Security question - php/mysql - hack
A chinese company has been trying to hack our site. I have recorded all activity and would appreciate advice to ensure our security integrity is maintained.
They are trying to run the following scripts (this is just a sample, there are lots more they are trying to run).
They started off with
/muieblackcat
then tried lots of others including
//_myadmin/scripts/setup.p hp
//phpmya/scripts/setup.php
//admin/my/scripts/setup.p hp
//mysql2/scripts/setup.php
//phpmyadm/scripts/setup.p hp
//php1/scripts/setup.php
//webmail2/scripts/setup.p hp
//pma_mydb/scripts/setup.p hp
Any ideas exactly what they are after, and the best way to protect ourselves.
We just want to get on with business and it's really frustrating having to deal with idiots like this.
We don't have anything in there of value, it's just a nuisance and costs time.
I would appreciate advice from people who are really strong in security (ideally reformed hackers). It seems they are after database and trying to setup
I am just wanting to make sure we are as best protected as possible. We have non standard naming conventions for files and path, use form validation, etc.
I am particularly interested what motivates these people and what I can do to prevent them getting access.
They are trying to run the following scripts (this is just a sample, there are lots more they are trying to run).
They started off with
/muieblackcat
then tried lots of others including
//_myadmin/scripts/setup.p
//phpmya/scripts/setup.php
//admin/my/scripts/setup.p
//mysql2/scripts/setup.php
//phpmyadm/scripts/setup.p
//php1/scripts/setup.php
//webmail2/scripts/setup.p
//pma_mydb/scripts/setup.p
Any ideas exactly what they are after, and the best way to protect ourselves.
We just want to get on with business and it's really frustrating having to deal with idiots like this.
We don't have anything in there of value, it's just a nuisance and costs time.
I would appreciate advice from people who are really strong in security (ideally reformed hackers). It seems they are after database and trying to setup
I am just wanting to make sure we are as best protected as possible. We have non standard naming conventions for files and path, use form validation, etc.
I am particularly interested what motivates these people and what I can do to prevent them getting access.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Both feedback very useful thanks
ASKER
Thanks very much. Interesting reading
ASKER
Thanks to both of you for the feedback. What is a script kiddie? Are these just automated scripts.