Website Security Tip remove catch all bindings


Website Security Tip remove catch all bindings

Posted on May 23, 2010 by Paul White

A few months ago I noticed that one of my clients websites seemed to be getting spikes of traffic.  However with spikes in traffic most clients would report an increase in sales or business.  This client did not report any increases in business.  The problem has to do with catchall bindings for my websites.  Lets say you have a website setup in IIS. MyWebsite.com  So naturally you would create the following bindings in IIS.

Mywebsite.com -> IP Address
www.Mywebsite.com -> IP Address
-> IP Address ( catch all )

The last entry is a catch all.  This allows you to access a website by going directly to the IP Address instead of needing to use a hostname.  If you have a dedicated IP for your website, then you usually are able to use catch all bindings.  If you are on a really cheap Shared hosting account, then you might not have a dedicated IP and this article would not apply to you.

How Hackers use catch all bindings against you

Considering there are billions of domains, it takes alot of work for hackers to collect a list of all domains and then navigate to each site searching for security weaknesses to exploit.  So instead they figure out what IP blocks are run by hosting companies.  Then they numerically navigate through all the sites.  Starting with 1.1.1.1 then 1.1.1.2, then 1.1.1.3, and so on.  Naturally they start with an IP that is know to be running on a server, and then starting searching up and down the IP tables. Since many website run on prefabricated template systems, hackers have dedicated the time and resources to find weaknesses in these systems.  Then its just a matter of figuring out what sites are running these template sites.  So the hackers make requests to your server ( using the IP Address because they don't know the domain ), searching for known files that are part of these systems.  When they get a response that is not a 404 ( file not found ) their system will record this to be investigated later.  Most webmasters just let the server handle 404 responses, keeping them in the unknown about what kind of requests are really being made to their websites.  I have most of my websites setup to automatically email me when something unexpected happens ( Server Error , File Not Found ).  When I got a bunch of emails from my server, showing that a given IP was searching for files that I did not have this was a red flag to me, so I found a solution

Setup a Catch All Website

So I setup a catch all website, made of a simple 1 page that features some google ads and some high paying keywords and text.  So if a real person does happen to stumble upon my catch all website, the chance of a click is relatively high.  The next step was to setup the catch all to accept request from all IPs on the box, that were currently unassigned, which would be all of them.

Setup your stats server for your catch all website

The next step I took was to setup SmarterStats for my catch all website.  This is just nice to have from a tracking point of view.  To see what IPs are up to no good.

IPs attempting to hack by catch all bindings

In just the month of May 2010 the following IPs were caught accessing my catch all website.  I am not going to say that all of the IPs were bots or hackers, but 95% most likely are.

RankIP AddressPage ViewsVisitsHitsBandwidth
(KB)
174.94.50.6120,352
1
20,352
66,205
261.183.15.9428
14
428
1,449
3200.111.168.170405
1
405
556
4221.192.199.35369
15
369
1,267
592.48.206.91186
1
186
246
664.2.64.167186
1
186
246
780.249.173.97124
1
124
170
865.208.173.13793
1
93
306
9208.80.193.3967
67
67
225
10217.70.188.19734
1
34
46
1172.232.222.10634
1
34
46
1224.148.156.12431
1
31
45
1377.104.250.8931
1
31
42
14144.206.66.5621
4
21
72
15208.80.193.4221
21
21
71
16208.80.193.3521
21
21
70
17192.197.121.221
4
21
72
18163.28.32.10020
3
20
70
19195.116.53.2320
3
20
69
2083.230.127.12418
1
18
62
21141.24.33.16118
1
18
62
2289.245.239.3718
2
18
8
23208.80.193.2917
17
17
57
24208.80.193.3017
17
17
57
25205.203.134.19716
2
16
53
26208.80.193.2716
16
16
54
27208.80.193.3716
16
16
54
28208.80.193.3415
15
15
50
29208.80.193.3813
13
13
44
30208.80.193.4013
13
13
44
31208.80.193.2811
11
11
37
3291.212.127.10011
11
11
18
33208.80.193.4311
11
11
37
34208.80.193.369
9
9
30
35208.80.193.419
9
9
30
3688.80.10.17
7
7
11
37208.80.193.325
5
5
17
3878.138.151.1264
1
4
14
39184.73.20.2213
1
3
2
40213.131.1.1013
3
3
10
41174.129.96.1173
1
3
2
42129.15.78.303
3
3
10
43208.80.193.313
3
3
10
44129.242.19.1962
2
2
7
45198.82.160.2382
2
2
7
46195.42.102.212
1
2
7
47129.108.202.102
2
2
7
48196.219.200.1632
2
2
7
49200.19.159.342
2
2
7
50130.73.142.872
2
2
7
51194.42.17.1232
2
2
7
52192.107.171.1452
2
2
7
5372.44.55.1422
1
2
1
54203.117.220.2222
2
2
6
55173.212.232.582
2
2
7
56184.73.69.822
1
2
1
57184.73.121.1292
2
2
1
58129.10.120.1932
2
2
7
59151.97.9.2242
2
2
7
60139.91.90.2382
2
2
7
6167.198.44.1162
1
4
7
62193.157.115.2502
2
2
7
6375.101.218.971
1
1
1
64150.189.2.1021
1
1
3
65141.20.103.2101
1
1
3
66184.73.114.451
1
1
1
67128.219.164.1251
1
1
3
68216.38.216.2201
1
1
2
69141.219.252.1321
1
1
3
70132.65.240.1001
1
1
3
71143.248.208.321
1
1
3
72193.55.112.401
1
1
3
7367.202.10.461
1
1
1
7463.253.61.1821
1
1
1
75174.129.176.731
1
1
1
76138.100.12.1491
1
1
3
77138.238.250.1551
1
1
3
78203.178.143.281
1
1
3
79131.130.32.1551
1
1
3
80118.217.217.731
1
1
2
81171.66.3.1811
1
1
3
82184.73.68.2351
1
1
1
83163.117.253.51
1
1
3
84132.170.3.321
1
1
3
85136.145.115.1941
1
1
3
86163.221.11.731
1
1
3
87110.75.169.921
1
1
2
88174.129.105.2281
1
1
1
89128.111.52.581
1
1
3
90204.236.249.2031
1
1
1
91174.129.165.931
1
1
1
92174.129.164.1611
1
1
1
93193.226.19.301
1
1
3
94110.75.166.41
1
1
2
95174.129.101.1901
1
1
1
96137.189.98.311
1
1
3
97130.195.4.691
1
1
3
98184.73.28.41
1
1
1
99131.247.2.2451
1
1
3
100158.130.6.2531
1
1
3
10167.202.42.341
1
1
1
102128.208.4.1991
1
1
3
10364.120.143.1721
1
1
3
10472.36.112.781
1
1
3
105204.56.0.1371
1
1
3
106184.73.76.1431
1
1
1
107137.165.1.1121
1
1
3
10841.225.7.31
1
1
3
109129.82.12.1881
1
1
3
110128.252.19.191
1
1
3
111184.73.69.2321
1
1
1
112199.26.254.691
1
1
3
113203.30.39.2381
1
1
3
114190.227.163.1421
1
1
3
11575.101.213.611
1
1
1
116208.80.193.331
1
1
3
117204.85.191.111
1
1
3
118174.129.106.1501
1
1
1
119192.33.90.681
1
1
3
120184.73.106.2091
1
1
1
12166.219.58.390
1
2
3
12298.165.157.1360
1
2
3
123110.75.168.340
4
12
41
12466.219.58.450
1
2
3
125173.10.18.1150
3
3
0
12667.220.101.1360
4
4
6
12738.101.148.1260
7
22
48
12868.233.33.20
1
2
3
12967.218.99.1950
1
1
3
13067.19.79.2180
20
20
66
13169.255.185.420
1
2
3
132216.104.15.1420
1
1
3
13392.240.68.1520
24
24
35
13492.240.68.1530
19
20
28
13571.228.139.2550
1
2
3
13666.219.58.380
1
2
3
13760.19.64.470
5
5
14
Total(s)22,819 537 22,947 72,562 
Average(s)166 3 167 530 


The files most requested by Hackers and SpamBots / BotNets

The following files were requested by the IPs above.  Most of files seem to be part of the PHPMyAdmin, or some webmail interface ( both of which I do not host )

RankPagePage ViewsVisitsBandwidtd
(KB)
1/prx2.php797292,716
2/5653951,689
3/phpmyadmin/config/config.inc.php1432197
4/pma/config/config.inc.php892122
5/about.php68292
6/sql/phpmyadmin/main.php641208
7/database/phpmyadmin2/main.php641208
8/database/database/main.php641208
9/administrator/pma2005/main.php641208
10/administrator/phpmyadmin-2.6.2-rc1/main.php641209
11/admin/pma2006/main.php641208
12/db/phpmyadmin-2.6.2-rc1/main.php641208
13/sql/pma2006/main.php641208
14/database/pma2005/main.php641208
15/administrator/phpmyadmin-2.6.3/main.php641209
16/mysql/pma2005/main.php641208
17/db/phpmyadmin-2.6.3/main.php641208
18/sql/phpmyadmin2/main.php641208
19/phpmyadmin-2.6.3/main.php641208
20/sql/phpmyadmin-2.6.3/main.php641208
21/database/databaseadmin/main.php641208
22/db/main.php641207
23/phpmyadmin2/main.php641208
24/admin/pma2005/main.php641208
25/mysql/phpmyadmin2/main.php641208
26/admin/phpmyadmin-2.6.2-rc1/main.php641209
27/administrator/phpmyadmin/main.php641208
28/db/pma2006/main.php641208
29/db/pma2005/main.php641208
30/admin/phpmyadmin-2.6.3/main.php641208
31/administrator/pma2006/main.php641208
32/database/pma2006/main.php641208
33/sql/pma2005/main.php641208
34/database/phpmyadmin/main.php641208
35/sql/phpmyadmin-2.6.2-rc1/main.php641208
36/admin/phpmyadmin2/main.php641208
37/database/databasemanager/main.php641208
38/sql/sqlmanager/main.php641208
39/mysql/phpmyadmin-2.6.3/main.php641208
40/phpmyadmin/main.php641208
41/database/phpmyadmin-2.6.3/main.php641208
42/mysql/pma2006/main.php641208
43/pma2005/main.php641207
44/phpmyadmin-2.6.2-rc1/main.php641208
45/db/dbadmin/main.php641208
46/db/dbmanager/main.php641208
47/administrator/phpmyadmin2/main.php641208
48/database/phpmyadmin-2.6.2-rc1/main.php641209
49/admin/main.php641207
50/pma2006/main.php641207
51/db/phpmyadmin2/main.php641208
52/mysql/main.php641207
53/db/db/main.php641207
54/db/phpmyadmin/main.php641208
55/mysql/phpmyadmin/main.php641208
56/mysql/phpmyadmin-2.6.2-rc1/main.php641209
57/admin/phpmyadmin/main.php641208
58/webmail/readme62282
59/mail/readme62282
60/rc/readme62282
61/readme62282
62/phpmyadmin/scripts/setup.php621204
63/roundcube/readme62282
64/roundcubemail/readme62283
65/phpmyadmin2/config.inc.php54174
66/admin/phpmyadmin-2/main.php321104
67/mysqladmin/main.php321104
68/administrator/phpmyadmin-2.6.0-pl2/main.php321105
69/administrator/php-myadmin/main.php321104
70/db/dbweb/main.php321104
71/admin/mysqlmanager/main.php321104
72/administrator/phpmyadmin-2.6.1-pl1/main.php321105
73/sql/dbadmin/main.php321104
74/db/phpmyadmin-2.8.0/main.php321104
75/database/phpmyadmin-2.5.5/main.php321104
76/db/phpmyadmin-2.6.0-alpha2/main.php321104
77/administrator/phpmyadmin-2.6.0-pl1/main.php321105
78/mysql/phpmyadmin-2.8.0-rc1/main.php321104
79/database/phpmyadmin-2.7.0-pl2/main.php321104
80/sql/phpmyadmin-2.5.4/main.php321104
81/admin/phpmyadmin-2.5.1/main.php321104
82/phpmyadmin-2.5.7-pl1/main.php321104
83/admin/phpmyadmin-2.8.0.2/main.php321104
84/administrator/phpmyadmin-2.7.0-beta1/main.php321105
85/administrator/phpmyadmin-2.6.4/main.php321104
86/sqlmanager/main.php321104
87/mysql/phpmyadmin-2.8.1/main.php321104
88/database/phpmyadmin-2.6.3-pl1/main.php321104
89/database/phpmyadmin-2.6.2-beta1/main.php321104
90/database/phpmyadmin-2.5.7/main.php321104
91/database/phpmyadmin-2.2.3/main.php321104
92/admin/sqladmin/main.php321104
93/admin/phpmyadmin-2.6.4-pl3/main.php321104
94/database/phpmyadmin-2.6.0-pl2/main.php321104
95/admin/phpmyadmin-2.6.3-pl1/main.php321104
96/administrator/phpmyadmin-2.6.4-rc1/main.php321105
97/database/phpmyadmin-2.6.4-pl1/main.php321104
98/phpmyadmin-2.6.1-pl3/main.php321104
99/admin/phpmyadmin-2.6.1-pl3/main.php321104
100/admin/phpmyadmin-2.8.0-beta1/main.php321104
101/administrator/myadmin/main.php321104
102/sql/phpmyadmin-2.6.1-pl2/main.php321104
103/administrator/phpmy-admin/main.php321104
104/administrator/pma/main.php321104
105/database/phpmyadmin-2.6.0-pl1/main.php321104
106/sql/db/main.php321104
107/admin/phpmyadmin-2.6.0-beta2/main.php321104
108/sql/phpmyadmin-2.5.1/main.php321104
109/database/phpmyadmin-2.6.2-pl1/main.php321104
110/administrator/phpmyadmin-2.5.1/main.php321104
111/pma/main.php321104
112/database/phpmyadmin-2.6.0-rc3/main.php321104
113/database/phpmyadmin-2.8.0.4/main.php321104
114/administrator/mysql/main.php321104
115/db/phpmyadmin-2.6.3-rc1/main.php321104
116/mysql/phpmyadmin-2.7.0-pl1/main.php321104
117/db/phpmyadmin-2.6.0-beta2/main.php321104
118/phpmyadmin-2.5.6-rc1/main.php321104
119/mysql/phpmyadmin-2.6.0-rc2/main.php321104
120/sql/phpmyadmin-2.8.0.2/main.php321104
121/mysql-admin/main.php321104
122/admin/db/main.php321104
123/db/phpmyadmin-2.5.4/main.php321104
124/db/phpmyadmin-2.8.0.3/main.php321104
125/database/phpmyadmin-2.7.0/main.php321104
126/mysql/phpmyadmin-2.6.0-pl2/main.php321104
127/admin/phpmyadmin-2.7.0-pl1/main.php321104
128/mysql/phpmyadmin-2.8.0.3/main.php321104
129/phpmyadmin-2.6.4-pl1/main.php321104
130/database/phpmyadmin-2.7.0-pl1/main.php321104
131/administrator/phpmyadmin-2.6.4-pl4/main.php321105
132/admin/websql/main.php321104
133/mysql/webadmin/main.php321104
134/admin/phpmyadmin-2.6.0-pl1/main.php321104
135/mysql/web/main.php321104
136/db/phpmyadmin-2.6.4-pl3/main.php321104
137/sql/phpmyadmin-2.6.0/main.php321104
138/db/phpmyadmin-2.2.6/main.php321104
139/db/phpmyadmin-2.8.0.4/main.php321104
140/administrator/webdb/main.php321104
141/db/phpmyadmin-2.6.4/main.php321104
142/admin/phpmyadmin-2.6.0-alpha2/main.php321104
143/administrator/phpmyadmin-2.6.3-rc1/main.php321105
144/administrator/phpmyadmin-2.6.1-rc1/main.php321105
145/phpmyadmin-2.5.5-rc1/main.php321104
146/administrator/phpmyadmin-2.5.6-rc2/main.php321105
147/admin/myadmin/main.php321104
148/db/phpmyadmin-2.5.7-pl1/main.php321104
149/database/phpmyadmin-2.5.5-rc2/main.php321104
150/admin/phpmyadmin-2.5.6-rc2/main.php321104
151/mysql/phpmy-admin/main.php321104
152/phpmyadmin-2.8.0-rc2/main.php321104
153/admin/phpmyadmin-2.8.0/main.php321104
154/admin/phpmyadmin-2.8.1/main.php321104
155/db/phpmyadmin-2/main.php321104
156/database/phpmyadmin-2.5.7-pl1/main.php321104
157/admin/phpmyadmin-2.5.4/main.php321104
158/administrator/phpmyadmin-2.6.1-rc2/main.php321105
159/administrator/phpmyadmin-2.5.6-rc1/main.php321105
160/mysqlmanager/main.php321104
161/sql/phpmyadmin-2/main.php321104
162/database/phpmyadmin-2.5.6-rc2/main.php321104
163/mysql/phpmyadmin-2.5.5-rc2/main.php321104
164/mysql/phpmyadmin-2.6.1-pl3/main.php321104
165/sql/phpmyadmin-2.6.0-rc3/main.php321104
166/mysql/phpmyadmin-2.6.2-beta1/main.php321104
167/sql/phpmyadmin-2.7.0-pl1/main.php321104
168/sql/phpmyadmin-2.8.0.3/main.php321104
169/administrator/phpmyadmin-2.6.1-pl3/main.php321105
170/phpmyadmin-2.6.0-alpha2/main.php321104
171/mysql/admin/main.php321104
172/administrator/main.php321104
173/mysql/phpmyadmin-2.6.1-pl2/main.php321104
174/db/phpmyadmin-2.5.5-rc1/main.php321104
175/database/phpmyadmin-2.6.1-rc2/main.php321104
176/phpmyadmin-2.6.1-pl1/main.php321104
177/phpmyadmin-2.6.2-pl1/main.php321104
178/phpmyadmin-2.6.0/main.php321104
179/database/web/main.php321104
180/administrator/phpmyadmin-2.5.7/main.php321104
181/sql/pma/main.php321104
182/administrator/phpmyadmin-2.6.4-pl3/main.php321105
183/mysql/phpmyadmin-2.6.0-rc3/main.php321104
184/database/phpmyadmin-2.5.5-rc1/main.php321104
185/mysql/phpmyadmin-2.6.0-alpha2/main.php321104
186/mysql/pma/main.php321104
187/mysql/mysql-admin/main.php321104
188/admin/php-myadmin/main.php321104
189/admin/phpmyadmin-2.5.6-rc1/main.php321104
190/db/phpmyadmin-2.7.0-pl2/main.php321104
191/database/phpmyadmin-2.8.1-rc1/main.php321104
192/admin/phpmyadmin-2.6.0-rc3/main.php321104
193/admin/phpmyadmin-2.5.5-rc1/main.php321104
194/administrator/phpmyadmin-2.8.0.3/main.php321104
195/mysql/db/main.php321104
196/sql/admin/main.php321104
197/mysql/phpmyadmin-2.8.0.1/main.php321104
198/mysql/phpmyadmin-2.6.4-pl3/main.php321104
199/mysql/phpmyadmin-2.6.4-pl2/main.php321104
200/database/phpmyadmin-2.6.4-pl4/main.php321104
201/db/phpmyadmin-2.8.1/main.php321104
202/mysql/phpmyadmin-2.5.5-pl1/main.php321104
203/db/phpmyadmin-2.6.0-beta1/main.php321104
204/phpmyadmin-2.5.5/main.php321104
205/admin/phpmyadmin-2.8.2/main.php321104
206/administrator/admin/main.php321104
207/db/phpmyadmin-2.6.0-pl1/main.php321104
208/phpmyadmin-2.6.2/main.php321104
209/phpmyadmin-2.6.1-rc2/main.php321104
210/mysql/websql/main.php321104
211/db/phpmyadmin-2.5.6-rc2/main.php321104
212/sql/phpmyadmin-2.6.4/main.php321104
213/administrator/phpmyadmin-2.5.4/main.php321104
214/sql/phpmyadmin-2.7.0/main.php321104
215/mysql/phpmyadmin-2.6.3-pl1/main.php321104
216/sql/phpmyadmin-2.5.5-rc1/main.php321104
217/p/m/a/main.php321104
218/admin/mysql/main.php321104
219/mysql/phpmyadmin-2.6.4-rc1/main.php321104
220/database/phpmyadmin-2.6.4-rc1/main.php321104
221/phpmyadmin-2.8.0.4/main.php321104
222/mysql/phpmyadmin-2.6.3-rc1/main.php321104
223/admin/phpmyadmin-2.6.0-alpha/main.php321104
224/admin/phpmyadmin-2.8.0-rc2/main.php321104
225/mysql/phpmyadmin-2.6.0-beta1/main.php321104
226/websql/main.php321104
227/admin/phpmyadmin-2.6.0-beta1/main.php321104
228/sql/php-myadmin/main.php321104
229/phpmyadmin-2.7.0-pl2/main.php321104
230/sql/sql-admin/main.php321104
231/db/phpmyadmin-2.6.0-rc2/main.php321104
232/admin/phpmanager/main.php321104
233/db/phpmyadmin-2.6.0-alpha/main.php321104
234/phpmyadmin-2.5.5-rc2/main.php321104
235/db/phpmyadmin-2.8.2/main.php321104
236/phpmyadmin-2.6.1-rc1/main.php321104
237/database/myadmin/main.php321104
238/administrator/phpmyadmin-2.2.3/main.php321104
239/mysql/mysql/main.php321104
240/administrator/phpmyadmin-2.6.2/main.php321104
241/administrator/phpmyadmin-2.6.0-rc3/main.php321105
242/sql/webadmin/main.php321104
243/sql/phpmyadmin-2.7.0-pl2/main.php321104
244/admin/sqlweb/main.php321104
245/administrator/phpmyadmin-2.5.5-rc1/main.php321105
246/mysql/phpmyadmin-2.5.6-rc1/main.php321104
247/webdb/main.php321104
248/php-myadmin/main.php321104
249/sql/phpmyadmin-2.6.1-pl1/main.php321104
250/db/phpmyadmin-2.6.4-pl2/main.php321104
251/database/phpmyadmin-2.8.1/main.php321104
252/webadmin/main.php321104
253/web/main.php321104
254/db/phpmyadmin-2.8.1-rc1/main.php321104
255/sqlweb/main.php321104
256/admin/phpmyadmin-2.6.4-rc1/main.php321104
257/mysql/phpmyadmin-2.5.5-rc1/main.php321104
258/sql/phpmyadmin-2.8.0.1/main.php321104
259/phpmyadmin-2.7.0-rc1/main.php321104
260/administrator/webadmin/main.php321104
261/sql/phpmyadmin-2.6.0-beta2/main.php321104
262/mysql/phpmyadmin-2.6.0-rc1/main.php321104
263/sql/phpmyadmin-2.7.0-beta1/main.php321104
264/administrator/phpmyadmin-2.8.0.1/main.php321104
265/sql/phpmy-admin/main.php321104
266/database/phpmy-admin/main.php321104
267/db/phpmyadmin-2.6.4-rc1/main.php321104
268/admin/mysql-admin/main.php321104
269/administrator/phpmyadmin-2.8.2/main.php321104
270/administrator/phpmyadmin-2.5.6/main.php321104
271/db/phpmyadmin-2.8.0.1/main.php321104
272/database/admin/main.php321104
273/administrator/phpmyadmin-2.6.0/main.php321104
274/admin/p/m/a/main.php321104
275/mysql/php-my-admin/main.php321104
276/db/phpmyadmin-2.6.1-pl2/main.php321104
277/phpmyadmin-2.6.0-pl1/main.php321104
278/mysql/myadmin/main.php321104
279/admin/phpmyadmin-2.2.3/main.php321104
280/mysql/phpmyadmin-2.6.0-beta2/main.php321104
281/sql/phpmyadmin-2.6.0-pl1/main.php321104
282/sql/phpmyadmin-2.5.7-pl1/main.php321104
283/database/php-myadmin/main.php321104
284/admin/phpmyadmin-2.6.0/main.php321104
285/database/phpmyadmin-2.7.0-rc1/main.php321104
286/mysql/phpmyadmin-2.8.0/main.php321104
287/sql/phpmyadmin-2.5.7/main.php321104
288/administrator/php-my-admin/main.php321104
289/db/phpmyadmin-2.6.0/main.php321104
290/database/phpmyadmin-2.6.0-alpha/main.php321104
291/db/phpmyadmin-2.8.0-rc1/main.php321104
292/phpmy-admin/main.php321104
293/phpmyadmin-2.8.0.2/main.php321104
294/administrator/phpmyadmin-2.6.0-rc2/main.php321105
295/sql/p/m/a/main.php321104
296/administrator/mysqlmanager/main.php321104
297/phpmyadmin-2.6.0-beta1/main.php321104
298/administrator/phpmyadmin-2.6.3-pl1/main.php321105
299/mysql/phpmyadmin-2.6.1/main.php321104
300/database/phpmyadmin-2.6.4-pl3/main.php321104
301/administrator/phpmyadmin-2.7.0-pl2/main.php321105
302/sql/phpmyadmin-2.5.5-pl1/main.php321104
303/phpmyadmin-2.8.0.3/main.php321104
304/phpmyadmin-2.7.0-beta1/main.php321104
305/phpmyadmin-2.2.6/main.php321104
306/phpmyadmin-2.6.4-rc1/main.php321104
307/phpmyadmin-2.6.4-pl2/main.php321104
308/database/phpmyadmin-2.8.0.2/main.php321104
309/sql/php-my-admin/main.php321104
310/db/phpmyadmin-2.6.4-pl4/main.php321104
311/phpmyadmin-2.7.0-pl1/main.php321104
312/sql/phpmyadmin-2.8.0-beta1/main.php321104
313/phpmyadmin-2.8.1-rc1/main.php321104
314/administrator/dbadmin/main.php321104
315/mysql/phpmyadmin-2.6.2/main.php321104
316/admin/webdb/main.php321104
317/myadmin/main.php321104
318/admin/phpmyadmin-2.8.0.3/main.php321104
319/sql/sqladmin/main.php321104
320/database/phpmyadmin-2.6.1/main.php321104
321/admin/phpmyadmin-2.8.0-rc1/main.php321104
322/phpmyadmin-2.8.0.1/main.php321104
323/admin/phpmyadmin-2.2.6/main.php321104
324/administrator/phpmyadmin-2.8.1/main.php321104
325/sql/phpmyadmin-2.6.0-rc2/main.php321104
326/admin/webadmin/main.php321104
327/db/phpmyadmin-2.6.2-beta1/main.php321104
328/mysql/php-myadmin/main.php321104
329/mysql/phpmyadmin-2.5.5/main.php321104
330/administrator/phpmyadmin-2.6.0-alpha2/main.php321105
331/mysql/sqlmanager/main.php321104
332/sql/phpmanager/main.php321104
333/phpmyadmin-2.5.5-pl1/main.php321104
334/mysql/phpmyadmin-2.7.0-pl2/main.php321104
335/sql/phpmyadmin-2.5.5/main.php321104
336/db/phpmyadmin-2.6.0-rc3/main.php321104
337/administrator/phpmyadmin-2.8.0-beta1/main.php321105
338/sql/phpmyadmin-2.6.4-pl1/main.php321104
339/db/websql/main.php321104
340/mysql/phpmyadmin-2.8.0-rc2/main.php321104
341/database/phpmyadmin-2.7.0-beta1/main.php321104
342/mysql/phpmyadmin-2.6.1-pl1/main.php321104
343/sql/phpmyadmin-2.6.4-pl4/main.php321104
344/mysql/phpmyadmin-2.6.0-pl3/main.php321104
345/sql/phpmyadmin-2.6.4-rc1/main.php321104
346/db/phpmyadmin-2.6.1-rc1/main.php321104
347/mysql/webdb/main.php321104
348/db/php-my-admin/main.php321104
349/mysql/phpmyadmin-2.6.2-pl1/main.php321104
350/phpmyadmin-2.6.1-pl2/main.php321104
351/phpmyadmin-2.6.3-rc1/main.php321104
352/mysql/phpmyadmin-2.6.4-pl1/main.php321104
353/phpmyadmin-2.8.1/main.php321104
354/database/phpmyadmin-2.8.0.1/main.php321104
355/admin/phpmyadmin-2.6.0-rc2/main.php321104
356/database/phpmyadmin-2.6.0/main.php321104
357/administrator/db/main.php321104
358/sql/sqlweb/main.php321104
359/admin/web/main.php321104
360/admin/phpmyadmin-2.6.1-pl2/main.php321104
361/phpmyadmin-2.6.0-pl2/main.php321104
362/db/phpmyadmin-2.6.2/main.php321104
363/db/admin/main.php321104
364/phpmyadmin-2.5.6/main.php321104
365/phpmyadmin-2.7.0/main.php321104
366/database/phpmyadmin-2.6.1-rc1/main.php321104
367/database/phpmyadmin-2.6.0-beta1/main.php321104
368/mysql/mysqlmanager/main.php321104
369/admin/phpmyadmin-2.6.0-pl2/main.php321104
370/database/phpmyadmin-2.5.4/main.php321104
371/sql/phpmyadmin-2.6.0-pl2/main.php321104
372/database/phpmyadmin-2.6.1-pl2/main.php321104
373/db/phpmyadmin-2.6.3-pl1/main.php321104
374/admin/phpmyadmin-2.5.7/main.php321104
375/database/phpmyadmin-2.5.1/main.php321104
376/sql/phpmyadmin-2.8.0-rc2/main.php321104
377/database/phpmanager/main.php321104
378/sql/phpmyadmin-2.8.1/main.php321104
379/phpmyadmin-2.6.0-pl3/main.php321104
380/administrator/phpmyadmin-2.6.4-pl1/main.php321105
381/database/phpmyadmin-2.6.0-beta2/main.php321104
382/sql/phpmyadmin-2.6.0-alpha2/main.php321104
383/database/phpmyadmin-2.8.0/main.php321104
384/sql/phpmyadmin-2.6.4-pl2/main.php321104
385/mysql/mysqladmin/main.php321104
386/administrator/phpmanager/main.php321104
387/database/phpmyadmin-2.6.0-pl3/main.php321104
388/sql/phpmyadmin-2.6.2-pl1/main.php321104
389/sql/web/main.php321104
390/db/phpmyadmin-2.6.1-pl1/main.php321104
391/sql/phpmyadmin-2.6.0-alpha/main.php321104
392/sql/webdb/main.php321104
393/mysql/phpmyadmin-2.8.0.4/main.php321104
394/administrator/phpmyadmin-2.8.0-rc1/main.php321105
395/mysql/phpmyadmin-2.7.0-rc1/main.php321104
396/db/phpmyadmin-2.5.6-rc1/main.php321104
397/database/webdb/main.php321104
398/admin/phpmyadmin-2.7.0/main.php321104
399/sql/phpmyadmin-2.6.3-rc1/main.php321104
400/admin/phpmyadmin-2.6.0-rc1/main.php321104
401/db/webdb/main.php321104
402/phpmyadmin-2.8.0/main.php321104
403/database/phpmyadmin-2.6.4/main.php321104
404/administrator/phpmyadmin-2.7.0-pl1/main.php321105
405/db/phpmyadmin-2.6.1/main.php321104
406/mysql/phpmyadmin-2.8.0-beta1/main.php321104
407/db/phpmyadmin-2.6.1-rc2/main.php321104
408/db/phpmyadmin-2.7.0/main.php321104
409/sql/myadmin/main.php321104
410/administrator/phpmyadmin-2.6.0-pl3/main.php321105
411/db/phpmy-admin/main.php321104
412/sql/phpmyadmin-2.6.2-beta1/main.php321104
413/db/phpmyadmin-2.5.5/main.php321104
414/admin/pma/main.php321104
415/phpmyadmin-2.2.3/main.php321104
416/mysql/phpmyadmin-2.6.0-alpha/main.php321104
417/sql/phpmyadmin-2.5.6/main.php321104
418/mysql/phpmyadmin-2.5.7/main.php321104
419/db/phpmyadmin-2.6.0-pl2/main.php321104
420/admin/phpmyadmin-2.6.1/main.php321104
421/admin/php-my-admin/main.php321104
422/db/phpmyadmin-2.7.0-pl1/main.php321104
423/sql/phpmyadmin-2.8.1-rc1/main.php321104
424/phpmyadmin-2.8.0-rc1/main.php321104
425/phpmyadmin-2.5.7/main.php321104
426/administrator/phpmyadmin-2.8.1-rc1/main.php321105
427/sql/phpmyadmin-2.2.3/main.php321104
428/db/phpmyadmin-2.6.2-pl1/main.php321104
429/admin/phpmyadmin-2.6.4-pl2/main.php321104
430/db/phpmyadmin-2.6.0-pl3/main.php321104
431/database/databaseweb/main.php321104
432/admin/phpmyadmin-2.6.2/main.php321104
433/mysql/phpmyadmin-2/main.php321104
434/database/phpmyadmin-2.6.0-rc1/main.php321104
435/mysql/phpmyadmin-2.2.6/main.php321104
436/db/phpmyadmin-2.6.4-pl1/main.php321104
437/administrator/phpmyadmin-2.8.0/main.php321104
438/mysql/phpmyadmin-2.5.1/main.php321104
439/admin/phpmyadmin-2.7.0-rc1/main.php321104
440/admin/phpmyadmin-2.5.7-pl1/main.php321104
441/db/phpmyadmin-2.5.1/main.php321104
442/phpmyadmin-2.6.2-beta1/main.php321104
443/db/web/main.php321104
444/database/webadmin/main.php321104
445/db/phpmanager/main.php321104
446/phpmyadmin-2.6.0-rc1/main.php321104
447/database/phpmyadmin-2.6.0-alpha2/main.php321104
448/mysql/phpmyadmin-2.6.4/main.php321104
449/administrator/phpmyadmin-2.6.0-alpha/main.php321105
450/db/myadmin/main.php321104
451/admin/phpmyadmin-2.5.6/main.php321104
452/mysql/phpmyadmin-2.7.0-beta1/main.php321104
453/sql/phpmyadmin-2.2.6/main.php321104
454/sql/phpmyadmin-2.6.1-rc2/main.php321104
455/admin/phpmyadmin-2.6.2-pl1/main.php321104
456/mysql/phpmyadmin-2.6.4-pl4/main.php321104
457/administrator/phpmyadmin-2.8.0.4/main.php321104
458/db/phpmyadmin-2.8.0.2/main.php321104
459/database/phpmyadmin-2.2.6/main.php321104
460/administrator/sqlmanager/main.php321104
461/admin/phpmyadmin-2.6.0-pl3/main.php321104
462/phpmyadmin-2.6.0-beta2/main.php321104
463/mysql/phpmyadmin-2.6.1-rc1/main.php321104
464/mysql/phpmyadmin-2.5.6-rc2/main.php321104
465/database/phpmyadmin-2.5.6/main.php321104
466/admin/phpmyadmin-2.5.5/main.php321104
467/mysql/phpmyadmin-2.6.1-rc2/main.php321104
468/db/phpmyadmin-2.8.0-beta1/main.php321104
469/mysql/phpmyadmin-2.5.7-pl1/main.php321104
470/admin/phpmyadmin-2.5.5-pl1/main.php321104
471/admin/sqlmanager/main.php321104
472/phpmyadmin-2.6.0-rc2/main.php321104
473/administrator/phpmyadmin-2.5.5/main.php321104
474/phpmyadmin-2.6.4-pl3/main.php321104
475/phpmyadmin-2.6.3-pl1/main.php321104
476/db/pma/main.php321104
477/sql/phpmyadmin-2.8.0.4/main.php321104
478/phpmyadmin-2.6.0-rc3/main.php321104
479/dbadmin/main.php321104
480/administrator/phpmyadmin-2/main.php321104
481/mysql/dbadmin/main.php321104
482/db/phpmyadmin-2.5.5-pl1/main.php321104
483/db/phpmyadmin-2.6.1-pl3/main.php321104
484/admin/phpmyadmin-2.6.4-pl1/main.php321104
485/admin/phpmyadmin-2.6.4-pl4/main.php321104
486/admin/phpmyadmin-2.8.0.4/main.php321104
487/sql/main.php321104
488/database/phpmyadmin-2.6.3-rc1/main.php321104
489/admin/mysqladmin/main.php321104
490/db/webadmin/main.php321104
491/mysql/phpmyadmin-2.8.1-rc1/main.php321104
492/db/phpmyadmin-2.5.6/main.php321104
493/sql/phpmyadmin-2.6.1-rc1/main.php321104
494/mysql/phpmyadmin-2.8.2/main.php321104
495/database/phpmyadmin-2.6.2/main.php321104
496/mysql/phpmyadmin-2.5.6/main.php321104
497/admin/phpmyadmin-2.8.1-rc1/main.php321104
498/admin/sysadmin/main.php321104
499/php-my-admin/main.php321104
500/mysql/phpmyadmin-2.7.0/main.php321104
501/sql/phpmyadmin-2.5.6-rc1/main.php321104
502/db/phpmyadmin-2.5.5-rc2/main.php321104
503/db/phpmyadmin-2.2.3/main.php321104
504/administrator/phpmyadmin-2.7.0-rc1/main.php321105
505/admin/phpmyadmin-2.8.0.1/main.php321104
506/sql/phpmyadmin-2.6.3-pl1/main.php321104
507/phpmyadmin-2/main.php321104
508/administrator/mysqladmin/main.php321104
509/administrator/mysql-admin/main.php321104
510/administrator/web/main.php321104
511/database/php-my-admin/main.php321104
512/administrator/phpmyadmin-2.2.6/main.php321104
513/administrator/phpmyadmin-2.5.5-rc2/main.php321105
514/sql/phpmyadmin-2.6.0-rc1/main.php321104
515/phpmanager/main.php321104
516/database/phpmyadmin-2.8.0-rc2/main.php321104
517/administrator/phpmyadmin-2.7.0/main.php321104
518/administrator/phpmyadmin-2.6.0-beta1/main.php321105
519/phpmyadmin-2.6.0-alpha/main.php321104
520/administrator/sqlweb/main.php321104
521/database/phpmyadmin-2.5.5-pl1/main.php321104
522/phpmyadmin-2.5.4/main.php321104
523/sql/websql/main.php321104
524/administrator/phpmyadmin-2.8.0.2/main.php321104
525/sql/phpmyadmin-2.8.0/main.php321104
526/administrator/phpmyadmin-2.5.7-pl1/main.php321105
527/admin/phpmyadmin-2.6.1-pl1/main.php321104
528/sql/phpmyadmin-2.6.4-pl3/main.php321104
529/admin/phpmy-admin/main.php321104
530/database/phpmyadmin-2.6.4-pl2/main.php321104
531/database/phpmyadmin-2.6.1-pl3/main.php321104
532/sql/phpmyadmin-2.8.2/main.php321104
533/mysql/phpmyadmin-2.6.0/main.php321104
534/admin/phpmyadmin-2.6.3-rc1/main.php321104
535/db/db-admin/main.php321104
536/mysql/phpmyadmin-2.8.0.2/main.php321104
537/administrator/phpmyadmin-2.6.2-pl1/main.php321105
538/administrator/phpmyadmin-2.8.0-rc2/main.php321105
539/db/phpmyadmin-2.6.0-rc1/main.php321104
540/db/phpmyadmin-2.7.0-beta1/main.php321104
541/admin/phpmyadmin-2.6.1-rc2/main.php321104
542/phpmyadmin-2.8.0-beta1/main.php321104
543/database/database-admin/main.php321104
544/phpmyadmin-2.5.6-rc2/main.php321104
545/database/phpmyadmin-2.6.0-rc2/main.php321104
546/db/php-myadmin/main.php321104
547/database/phpmyadmin-2.5.6-rc1/main.php321104
548/administrator/phpmyadmin-2.6.0-rc1/main.php321105
549/database/phpmyadmin-2.8.0-rc1/main.php321104
550/administrator/phpmyadmin-2.6.2-beta1/main.php321105
551/sql/phpmyadmin-2.6.1/main.php321104
552/database/phpmyadmin-2.6.1-pl1/main.php321104
553/phpmyadmin-2.6.4/main.php321104
554/db/phpmyadmin-2.7.0-rc1/main.php321104
555/admin/phpmyadmin-2.6.1-rc1/main.php321104
556/sql/phpmyadmin-2.5.5-rc2/main.php321104
557/mysql/phpmyadmin-2.5.4/main.php321104
558/phpmyadmin-2.6.1/main.php321104
559/mysql/phpmyadmin-2.6.0-pl1/main.php321104
560/sql/phpmyadmin-2.6.0-beta1/main.php321104
561/sql/phpmyadmin-2.5.6-rc2/main.php321104
562/administrator/phpmyadmin-2.6.1/main.php321104
563/admin/phpmyadmin-2.7.0-beta1/main.php321104
564/sql/phpmyadmin-2.8.0-rc1/main.php321104
565/sql/phpmyadmin-2.7.0-rc1/main.php321104
566/db/p/m/a/main.php321104
567/administrator/phpmyadmin-2.5.5-pl1/main.php321105
568/administrator/p/m/a/main.php321104
569/mysql/sqlweb/main.php321104
570/sql/phpmyadmin-2.6.2/main.php321104
571/database/phpmyadmin-2/main.php321104
572/admin/phpmyadmin-2.7.0-pl2/main.php321104
573/admin/phpmyadmin-2.5.5-rc2/main.php321104
574/database/p/m/a/main.php321104
575/database/websql/main.php321104
576/admin/phpmyadmin-2.6.4/main.php321104
577/sql/phpmyadmin-2.6.0-pl3/main.php321104
578/database/phpmyadmin-2.8.0-beta1/main.php321104
579/phpmyadmin-2.5.1/main.php321104
580/mysql/p/m/a/main.php321104
581/phpmyadmin-2.8.2/main.php321104
582/admin/phpmyadmin-2.6.2-beta1/main.php321104
583/db/phpmyadmin-2.8.0-rc2/main.php321104
584/administrator/websql/main.php321104
585/sql/phpmyadmin-2.6.1-pl3/main.php321104
586/sql/sql/main.php321104
587/database/pma/main.php321104
588/database/phpmyadmin-2.8.2/main.php321104
589/database/phpmyadmin-2.8.0.3/main.php321104
590/administrator/phpmyadmin-2.6.4-pl2/main.php321105
591/database/main.php321104
592/phpmyadmin-2.6.4-pl4/main.php321104
593/administrator/phpmyadmin-2.6.0-beta2/main.php321105
594/mysql/phpmanager/main.php321104
595/mysql/phpmyadmin-2.2.3/main.php321104
596/administrator/phpmyadmin-2.6.1-pl2/main.php321105
597/db/phpmyadmin-2.5.7/main.php321104
598/scripts/setup.php311102
599/thisdoesnotexistahaha.php31142
600/mysql/config/config.inc.php27137
601/php-my-admin/config/config.inc.php27137
602/webmail/config.inc.php27137
603/admin/config/config.inc.php27137
604/dbadmin/config/config.inc.php27137
605/mail/config.inc.php27137
606/myadmin/config/config.inc.php27137
607/config/config.inc.php27137
608/phppgadmin/config.inc.php27137
609/pp/anp.php7711
610/cgi-bin/textenv.pl4114
Total(s)22,819 72,292
Average(s)37 118

Why you should care about this?

Well for one, if bad requests are being made to your client's websites this is going to inflate the stats, making it hard to determine what is real traffic and what is hackers and bots.  The second is if you are dependent on third party website in a box systems, you might want to take this serious.  Your laziness and lack of know how to make your own stuff from scratch may ultimately be your downfall if a hacker takes over your website.  Remember Windows OS is the most hacked not because its not secure, but because its so widely used hackers can validate putting the resources into hacking it.  While Mac OS just doesn't have the same value to hack, as the exploits will only work on so many systems.   Anyway I hope this helps others out.  If you are on a shared hosting account call your hosting company's technical support and ask them to remove the catch all binding from your website.

Permalink
1797 Visitors
3726 Views

Categories associated with Website Security Tip remove catch all bindings

Discussion

No Comments have been submitted
name
Email Needed to confirm comment, but not made public.
Website
 
Type Code
Security Check
 
When you Post your Comment, you'll be sent a confirmation link. Once you click this link your thoughts will be made public.. Posts that are considered spam will be deleted, Please keep your thoughts and links relavent to this Article