
Apache (XAMPP 1.8.0) access.log/Intrusion Detection Concern

@Miguel251

Posted in: #Apache #Logging #Xampp

[I originally posted on SO but it earned me a Tumbleweed badge. This looks like a better venue for the question.]

I have Apache (XAMPP 1.8.0) running on Vista Pro x64. A couple of times now I have seen a pattern like the example below in access.log. What concerns me is that the "attack" seems to somehow shift from a public IP to a valid private IP on my network (it happens to be the WAN address of one of my routers).

Two questions: How is this possible, and what happens if the "attacker" stumbles on a valid request?

I've googled this to no avail.

177.0.X.X - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 403
177.0.X.X - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 403
177.0.X.X - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 403
177.0.X.X - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 403
192.168.15.3 - - [03/Jun/2012:08:19:56 -0400] "GET /phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 403
177.0.X.X - - [03/Jun/2012:08:19:56 -0400] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 403
177.0.X.X - - [03/Jun/2012:08:19:56 -0400] "GET /phpMyAdmin-2.5.5-pl1/index.php HTTP/1.1" 403
192.168.15.3 - - [03/Jun/2012:08:19:59 -0400] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 403
192.168.15.3 - - [03/Jun/2012:08:20:01 -0400] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 403
192.168.15.3 - - [03/Jun/2012:08:20:02 -0400] "GET HTTP/1.1" 400 1060 "-" "-"


@LarsenBagley505

It may have to do with how XAMPP is configured with your local server and how routing is set up to send web traffic to your server.

It's actually common to see bots scanning your server for vulnerabilities and common scripts such as phpMyAdmin.

On Linux I would add them to hosts.deny; in Apache you can ban them with your .htaccess file.

If the attacks are internal, check your router and see who has those IPs on your network.

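An added example, not part of the original thread: one way to triage a log like the one in the question is to group versioned phpMyAdmin probes by request pattern and time rather than by client address, so a scan that appears under more than one source address is reported as a single burst, and any probe that was not refused stands out. The names `probe_bursts` and `is_rfc1918`, the 60-second gap, and the sample lines (documentation addresses plus the private address from the question) are assumptions made for this sketch.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample in Apache common log format (not the poster's actual log).
SAMPLE = """\
203.0.113.7 - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 403 1045
203.0.113.7 - - [03/Jun/2012:08:19:34 -0400] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 403 1045
192.168.15.3 - - [03/Jun/2012:08:19:56 -0400] "GET /phpMyAdmin-2.5.6-rc2/index.php HTTP/1.1" 403 1045
203.0.113.7 - - [03/Jun/2012:08:19:56 -0400] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 403 1045
192.168.15.3 - - [03/Jun/2012:08:20:02 -0400] "GET HTTP/1.1" 400 1060
198.51.100.9 - - [03/Jun/2012:11:05:00 -0400] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 200 8192
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
PROBE = re.compile(r'^GET /phpMyAdmin-\d[\w.\-]*/', re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for RFC 1918 addresses; False for anything else, including hostnames."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def probe_bursts(text, gap=timedelta(seconds=60)):
    """Group versioned phpMyAdmin probes by time, ignoring the client address."""
    bursts = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or not PROBE.match(m.group(3)):
            continue
        client, status = m.group(1), int(m.group(4))
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if not bursts or ts - bursts[-1]["end"] > gap:
            bursts.append({"start": ts, "end": ts, "hits": 0, "clients": set(), "served": []})
        b = bursts[-1]
        b["end"] = ts
        b["hits"] += 1
        b["clients"].add(client)
        if status < 400:  # a probe that was not refused needs a closer look
            b["served"].append(m.group(3))
    for b in bursts:
        b["private"] = sorted(c for c in b["clients"] if is_rfc1918(c))
    return bursts

if __name__ == "__main__":
    for b in probe_bursts(SAMPLE):
        print(b["start"], b["hits"], sorted(b["clients"]), b["private"], b["served"])
```

A burst whose `private` list is non-empty alongside a public client is the mixed-source pattern from the question; a non-empty `served` list answers the "valid request" concern by showing which probes the server actually answered.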