Server logs - how to interpret - how to tell what is being accessed and if it has been compromised
Posted on 2012-04-02
I was wondering if anyone can tell me how to interpret my server logs on Server 2008 Standard? I always see these IP addresses hitting it and I block out the ones I do not recognize or search for and find out they are bots. I just do not know if they have accessed or compromised any files. My site is running perfectly and I see these hits coming from all over the world. How can I tell what, if anything, is being hit or what files are being corrupted or 'owned', if you will? I am going to launch soon and am looking into server hardening, but it's complicated and I am a newbie.
This was one I found to be an attack from yesterday. How can I tell what may have been compromised?
/db/index.php - 80
GET /dbadmin/index.php - 80 - 126.96.36.199
GET /myadmin/index.php - 80 - 188.8.131.52
GET /mysql/index.php - 80 - 184.108.40.206
GET /mysqladmin/index.php - 80 - 220.127.116.11
GET /typo3/phpmyadmin/index.php - 80 - 18.104.22.168
GET /phpMyAdmin/index.php - 80 - 22.214.171.124
GET /phpmyadmin/index.php - 80 - 126.96.36.199
GET /phpmyadmin1/index.php - 80 - 188.8.131.52
GET /pma/index.php - 80 - 184.108.40.206 HTTP/1.1
GET /phpMyAdmin-2.5.1/index.php - 80 - 220.127.116.11
etc. etc. etc.
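
An added example, not part of the original post: one way to triage requests like those quoted above is to read the status code the server returned for each one, separating paths it rejected from paths it actually answered. It assumes the logs are in IIS W3C extended format with the sc-status field enabled; the sample lines, the IP addresses and the names parse_w3c and triage are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended format (documentation-range IPs, not from the post).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status sc-bytes
2012-04-01 03:10:01 GET /dbadmin/index.php - 80 - 203.0.113.7 404 1245
2012-04-01 03:10:02 GET /phpmyadmin/index.php - 80 - 203.0.113.7 404 1245
2012-04-01 03:10:03 GET /pma/index.php - 80 - 203.0.113.7 200 8312
2012-04-01 03:10:04 POST /pma/index.php - 80 - 203.0.113.7 200 9120
2012-04-01 09:15:40 GET /index.html - 80 - 198.51.100.23 200 5120
"""

# Directory names taken from the requests quoted in the post, matched case-insensitively.
PROBE = re.compile(
    r"^/(db|dbadmin|myadmin|mysql|mysqladmin|pma|phpmyadmin[^/]*|typo3/phpmyadmin)/", re.I)

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def triage(text):
    """Group probe requests by client IP: 'answered' (2xx/3xx) versus 'rejected' (anything else)."""
    report = defaultdict(lambda: {"answered": [], "rejected": []})
    for row in parse_w3c(text):
        if not PROBE.match(row["cs-uri-stem"]):
            continue
        bucket = "answered" if row["sc-status"][0] in "23" else "rejected"
        report[row["c-ip"]][bucket].append(
            (row["cs-method"], row["cs-uri-stem"], int(row["sc-status"])))
    return dict(report)

if __name__ == "__main__":
    for ip, result in triage(SAMPLE_LOG).items():
        print(ip, "rejected:", len(result["rejected"]))
        for hit in result["answered"]:
            print("  investigate:", hit)
```

A probe path that only ever returned 404 was not served by the site; an answered one, especially a POST, is the entry to review first.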