Server logs - how to interpret - how to tell what is being accessed and if it has been compromised
I was wondering if anyone can tell me how to interpret my server logs on Server 2008 Standard? I always see these IP addresses hitting it and I block out the ones I do not recognize or search for and find out they are bots. I just do not know if they have accessed or compromised any files. My site is running perfectly and I see these hits coming from all over the world. How can I tell what, if anything, is being hit or what files are being corrupted or 'owned', if you will? I am going to launch soon and am looking into server hardening, but it's complicated and I am a newbie.
This is one I found to be an attack from yesterday. How can I tell what may have been compromised?
/db/index.php - 80
GET /dbadmin/index.php - 80 - 220.127.116.11
GET /myadmin/index.php - 80 - 18.104.22.168
GET /mysql/index.php - 80 - 22.214.171.124
GET /mysqladmin/index.php - 80 - 126.96.36.199
GET /typo3/phpmyadmin/index.php - 80 - 188.8.131.52
GET /phpMyAdmin/index.php - 80 - 184.108.40.206
GET /phpmyadmin/index.php - 80 - 220.127.116.11
GET /phpmyadmin1/index.php - 80 - 18.104.22.168
GET /pma/index.php - 80 - 22.214.171.124 HTTP/1.1
GET /phpMyAdmin-2.5.1/index.php - 80 - 126.96.36.199
etc. etc. etc.
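An added example, not part of the original post: one way to triage requests like the ones listed above is to read the response status the server logged for each probed path. It assumes the logs are in IIS W3C extended format with the `sc-status` field enabled; the sample lines, addresses and the `triage` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in IIS W3C extended format (not taken from the poster's server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-01 10:00:01 192.0.2.10 GET /dbadmin/index.php - 80 - 203.0.113.5 Mozilla/4.0 404 0 2 15
2024-01-01 10:00:02 192.0.2.10 GET /phpmyadmin/index.php - 80 - 203.0.113.5 Mozilla/4.0 404 0 2 12
2024-01-01 10:00:03 192.0.2.10 GET /pma/index.php - 80 - 203.0.113.5 Mozilla/4.0 200 0 0 48
2024-01-01 10:00:09 192.0.2.10 GET /default.aspx - 80 - 198.51.100.7 Mozilla/5.0 200 0 0 31
"""

# Directory names taken from the probe list in the post.
PROBE = re.compile(r"/(db|dbadmin|myadmin|mysql|mysqladmin|pma|phpmyadmin[^/]*)/", re.I)

def triage(log_text):
    """Group probe requests per client IP by whether the server served or rejected them."""
    fields = []
    report = defaultdict(lambda: {"served": [], "rejected": []})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header names the columns; logs can change layout mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if "sc-status" not in row or not PROBE.search(row.get("cs-uri-stem", "")):
            continue
        status = int(row["sc-status"])
        # 2xx/3xx: something answered at that path. 4xx/5xx: the probe found nothing usable.
        bucket = "served" if 200 <= status < 400 else "rejected"
        report[row["c-ip"]][bucket].append((row["cs-uri-stem"], status))
    return dict(report)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        print(ip, "served:", hits["served"], "rejected:", len(hits["rejected"]))
```

A path in the "served" list is where to look first: confirm whether that file really exists on the server and whether it belongs there.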