Log Watch "probing"
--------------------- httpd Begin ------------------------
A total of 3 sites probed the server
86.134.104.171
24.63.135.68
212.34.174.174
!!!! 5 possible successful probes
/phpadmin/css/phpmyadmin.css.css?lang=en&js_frame=right&js_isDOM=1 HTTP Response 200
/phpadmin/css/phpmyadmin.css.css?lang=en-utf-8&js_frame=right HTTP Response 200
/phpadmin/css/phpmyadmin.css.css?js_frame=left&num_dbs=0 HTTP Response 200
/phpadmin/css/phpmyadmin.css.css?lang=en-utf-8&js_frame=right&js_isDOM=1 HTTP Response 200
/phpadmin/css/phpmyadmin.css.css?lang=en-utf-8&js_frame=left&num_dbs=0 HTTP Response 200
---------------------- httpd End -------------------------
I have others servers, but I have never seen this in the log watch before. The only thing I can think of is that this server is running MySQL 4.1 and after I installed phpMyAdmin I got this error when logging in:
The mbstring PHP extension was not found and you seem to be using a multibyte charset. Without the mbstring extension phpMyAdmin is unable to split strings correctly and it may result in unexpected results.
My other servers are running MySQL 3.23 or 4.0 and I have never seen this error, so I think it pertains to MySQL 4.1. Anyway, I ran this command to get rid of the error:
up2date php-mbstring
You can see that from the log watch that the "probes" are from pages/frames from phpMyAdmin.
Do you think the:
up2date php-mbstring
opened up some vulnerabilities or is this a false alarm?
One of those IP's listed is mine. I'm not sure if a successful login to phpMyAdmin is considered a probe or if someone just getting to the phpMyAdmin login page is considered a probe.
Thanks
