
Hacking web servers: face to face with danger

On a cold winter evening, I was drinking hot coffee and did not suspect that at that very moment someone on the other side of the planet was trying to get access to my personal data. I have a server in my closet that acts as a gateway and file storage. A web server is bolted onto it, which I use to quickly give my friends files over HTTP, plus a WordPress install for two people, whose address no one but them knows.
And I got the itch to look at the web server's logs:

119.63.193.55 - - [04/Jan/2010:22:38:20 +0600] "GET / HTTP/1.1" 200 45 "-" "Baiduspider+(+http://www.baidu.jp/spider/)"
119.63.198.11 - - [05/Jan/2010:02:06:13 +0600] "GET /robots.txt HTTP/1.1" 404 302 "-" "Baiduspider+(+http://www.baidu.com/search/spider.htm)"
83.18.86.179 - - [05/Jan/2010:04:24:35 +0600] "GET //phpMyAdmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
83.18.86.179 - - [05/Jan/2010:04:24:35 +0600] "GET //phpmyadmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
83.18.86.179 - - [05/Jan/2010:04:24:36 +0600] "GET //mysql/ HTTP/1.1" 404 300 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
83.18.86.179 - - [05/Jan/2010:04:24:37 +0600] "GET // HTTP/1.1" 200 56 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
91.189.181.157 - - [05/Jan/2010:10:48:24 +0600] "GET //phpMyAdmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
91.189.181.157 - - [05/Jan/2010:10:48:25 +0600] "GET //phpmyadmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"

...
168.176.125.116 - - [07/Jan/2010:13:23:36 +0600] "GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:37 +0600] "GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 313 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:38 +0600] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 312 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:39 +0600] "GET //php-my-admin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 316 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:40 +0600] "GET //myadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 314 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:41 +0600] "GET //PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 316 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:42 +0600] "GET //phpMyAdmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 315 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
168.176.125.116 - - [07/Jan/2010:13:23:43 +0600] "GET //p/m/a/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 312 "-" "


I never even thought that the servers of hapless and forgetful administrators get hacked this simply and unobtrusively. Within a few days I received a mountain of similar requests from different addresses.
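One way to pick this kind of probing out of an Apache access log, as an added example that is not part of the original post: it flags any client that requests several distinct admin-panel paths, all answered with 404, within a short window. The directory list in `ADMIN`, the thresholds and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>.*?) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
# Directory names modelled on the probes in the log above (assumed list, extend as needed).
ADMIN = re.compile(r'^/+(phpmyadmin|php-my-admin|mysql|myadmin|dbadmin|admin|p/m/a)(/|$)', re.I)

def find_scanners(lines, min_paths=3, window=timedelta(seconds=60)):
    """Return {ip: sorted probed paths} for clients that requested at least
    min_paths distinct admin-panel paths, all answered 404, within `window`."""
    hits = defaultdict(list)  # ip -> [(time, path without query string)]
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "404" or not ADMIN.match(m["path"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["ip"]].append((ts, m["path"].split("?", 1)[0]))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_paths:
                flagged[ip] = sorted({p for _, p in events})
                break
    return flagged

# Constructed sample lines (documentation-range addresses), not copied from the log above.
SAMPLE = [
    '203.0.113.7 - - [05/Jan/2010:04:24:35 +0600] "GET //phpMyAdmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [05/Jan/2010:04:24:35 +0600] "GET //phpmyadmin/ HTTP/1.1" 404 303 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [05/Jan/2010:04:24:36 +0600] "GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 300 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [05/Jan/2010:04:30:00 +0600] "GET /robots.txt HTTP/1.1" 404 302 "-" "ExampleBot"',
    '198.51.100.9 - - [05/Jan/2010:09:00:00 +0600] "GET /admin/ HTTP/1.1" 404 302 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

A client that only trips over a single missing admin path, like the second address in the sample, stays below the threshold and is not reported.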

A beginner admin can find a sea of FAQs describing how to configure Apache + MySQL, but rarely does any of them contain the line:
"After setting up the database, you need to change the path to phpMyAdmin, or remove it from www, or write .htaccess files."


Conclusions, in brief:

Source: https://habr.com/ru/post/82135/

