Topics - mixedtribute

MySQL / phpMyAdmin Bruteforce From 127.0.0.1 ??
« on: September 30, 2022, 07:33:39 AM »
I have paid for 10x CWP Pro licenses and I am the only user of my servers but I occasionally see this in /var/log/secure:

Code:
....
Sep 29 06:04:27 tiberion phpMyAdmin[122141]: user denied: dev (mysql-denied) from 127.0.0.1
Sep 29 06:04:29 tiberion phpMyAdmin[122141]: user denied: blog (mysql-denied) from 127.0.0.1
Sep 29 06:04:30 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:31 tiberion phpMyAdmin[122141]: user denied: nas (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: root (empty-denied) from 127.0.0.1
Sep 29 06:04:35 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:36 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:36 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:37 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:39 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:40 tiberion phpMyAdmin[122141]: user denied: db (mysql-denied) from 127.0.0.1
Sep 29 06:04:54 tiberion phpMyAdmin[122141]: user denied: wordspress (mysql-denied) from 127.0.0.1
Sep 29 06:04:54 tiberion phpMyAdmin[122141]: user denied: shopdb (mysql-denied) from 127.0.0.1
Sep 29 06:04:55 tiberion phpMyAdmin[122141]: user denied: blog (mysql-denied) from 127.0.0.1
Sep 29 06:04:56 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:56 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:04:57 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:58 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:58 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:59 tiberion phpMyAdmin[122141]: user denied: database (mysql-denied) from 127.0.0.1
Sep 29 06:04:59 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:00 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:01 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:01 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:02 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:03 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:03 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:04 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:05 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:05 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:06 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:06 tiberion phpMyAdmin[122141]: user denied: pma (mysql-denied) from 127.0.0.1
Sep 29 06:05:07 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:08 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:08 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:09 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:10 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:10 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:11 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:12 tiberion phpMyAdmin[122141]: user denied: dbs (mysql-denied) from 127.0.0.1
Sep 29 06:05:12 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:13 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:14 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:14 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:15 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:15 tiberion phpMyAdmin[122141]: user denied: user (mysql-denied) from 127.0.0.1
Sep 29 06:05:16 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:17 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:17 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:18 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:19 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:19 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:20 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:21 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:21 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:22 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:22 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:23 tiberion phpMyAdmin[122141]: user denied: nas (mysql-denied) from 127.0.0.1
Sep 29 06:05:24 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:24 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:25 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:26 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:26 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:27 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:28 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:28 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:29 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:30 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:30 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:05:31 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:31 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:32 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:33 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:33 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:34 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:35 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:35 tiberion phpMyAdmin[122141]: user denied: dev (mysql-denied) from 127.0.0.1
Sep 29 06:05:36 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:37 tiberion phpMyAdmin[122141]: user denied: shopdb (mysql-denied) from 127.0.0.1
Sep 29 06:05:37 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
Sep 29 06:05:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:38 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:39 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:40 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:40 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:41 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:42 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:42 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:43 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:44 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:44 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:45 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:45 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:46 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:47 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:47 tiberion phpMyAdmin[122141]: user denied: wp (mysql-denied) from 127.0.0.1
Sep 29 06:05:48 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:49 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:49 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:50 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:51 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:51 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:52 tiberion phpMyAdmin[122141]: user denied: sql (mysql-denied) from 127.0.0.1
Sep 29 06:05:53 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:53 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:05:54 tiberion phpMyAdmin[122141]: user denied: admin (mysql-denied) from 127.0.0.1
....

At first I thought my server may have been compromised, but I do not think it is compromised because I see these failed login attempts on all of my servers occasionally. I have recently re-installed CWP. My systems are fully up-to-date as well.... I do not have anyone else using my servers.

When I try to replicate the issue using an incorrect password on https://tiberion.mydomain.com:2087/pma I see this:
Code:
Sep 30 02:25:41 tiberion phpMyAdmin[1199600]: user denied: root (mysql-denied) from X.X.X.X

X.X.X.X is my home IP address .....

How am I seeing failed login attempts from 127.0.0.1?? I am the ONLY user of my servers, no customers, no one else uses the servers.
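
A triage sketch for log lines like the ones quoted above, added here as an example and not part of the original post: it groups phpMyAdmin `user denied` entries by source address and PID and flags groups whose cadence looks scripted. The function names, thresholds and the 203.0.113.7 address are assumptions; the 127.0.0.1 lines are copied from the post.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Shape of the phpMyAdmin syslog lines quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sphpMyAdmin\[(?P<pid>\d+)\]:\s"
    r"user denied:\s(?P<user>\S+)\s\((?P<reason>[\w-]+)\)\sfrom\s(?P<src>\S+)$"
)

# Sample input: eight lines copied from the post, plus one constructed line
# with a documentation-range address standing in for the redacted X.X.X.X.
SAMPLE = """\
Sep 29 06:04:27 tiberion phpMyAdmin[122141]: user denied: dev (mysql-denied) from 127.0.0.1
Sep 29 06:04:29 tiberion phpMyAdmin[122141]: user denied: blog (mysql-denied) from 127.0.0.1
Sep 29 06:04:30 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:31 tiberion phpMyAdmin[122141]: user denied: nas (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: wordpress (mysql-denied) from 127.0.0.1
Sep 29 06:04:34 tiberion phpMyAdmin[122141]: user denied: root (empty-denied) from 127.0.0.1
Sep 29 06:04:35 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 29 06:04:36 tiberion phpMyAdmin[122141]: user denied: root (mysql-denied) from 127.0.0.1
Sep 30 02:25:41 tiberion phpMyAdmin[1199600]: user denied: root (mysql-denied) from 203.0.113.7
"""

def parse(text, year=2022):
    """Yield one dict per 'user denied' line; syslog has no year, so it is passed in."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
            yield ev

def summarize(text, min_attempts=5, max_median_gap_s=2):
    """Group by (source, pid) and flag groups whose cadence looks scripted."""
    groups = defaultdict(list)
    for ev in parse(text):
        groups[(ev["src"], ev["pid"])].append(ev)
    report = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        report[key] = {
            "attempts": len(evs),
            "users": Counter(e["user"] for e in evs),
            "span_s": (evs[-1]["ts"] - evs[0]["ts"]).total_seconds(),
            "scripted": len(evs) >= max(min_attempts, 2) and median(gaps) <= max_median_gap_s,
        }
    return report
```

Calling `summarize()` on the full `/var/log/secure` text gives one row per source and PID, which makes it easy to compare the 127.0.0.1 bursts against a manual failed login.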
