Apache Logs Interesting Reading

Going through ones Apache log makes for amusing reading. Good thing it’s a disposable server, maybe…

159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 499 "-" "ZmEu"
159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 486 "-" "ZmEu"
159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /pma/scripts/setup.php HTTP/1.1" 404 479 "-" "ZmEu"
159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /myadmin/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
159.8.64.60 - - [16/May/2016:16:35:00 +0200] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 404 483 "-" "ZmEu"
2 Likes

What are these, should the title of the file not be illegible to you as the vault server? Im not sure what Im seeing here

That’s an excerpt from Apache’s access log on my cloud server. Someone running a script (since there other other, similar entries) to try to grab files of the usual control panel for Web administrator, Phpmyadmin. If they succeeded then they might be able to login. But they get a 404 error mainly because there are no such files on the system. I suppose they’re faking the name of the originating site (not sure why it’s a GET), since it is so silly.