What is wmtips.com?

Forum Moderators: open

Message Too Old, No Replies

What is wmtips.com?

Possible hacker using this site?

grandma genie

7:13 pm on Sep 17, 2010 (gmt 0)

Hi,
I found this in my server logs today:

174.37.nn.nnn - - [17/Sep/2010:11:50:43 -0400] "GET /MyAdmin/index.php HTTP/1.1" 404 8747 "www.wmtips.com/tools/info/?url=mywebsite.com%2FMyAdmin%2Findex.php&src=chrome&v=1.0" "Mozilla/5.0 (compatible; wmtips.com/1.0; +www.wmtips.com/tools/)"

It looks like whoever this visitor is, they were using wmtips.com to try to gain access to sensitive information about my site. And it was specifically targeting my site. I banned their IP, but wonder about that site. Does anyone know about wmtips.com. I didn't see it mentioned in a search in webmasterworld. Or is this just some innocent thing I don't understand?

Grandma_genie

incrediBILL

7:47 pm on Sep 17, 2010 (gmt 0)

That site may be compromised and it looks like they're hitting your site for PHP MyAdmin.

This is probably just a probing run to see if PHP MyAdmin responds, the real hacking will happen later.

If you have PHP MyAdmin, I would look into securing it to the max ASAP.

grandma genie

8:04 pm on Sep 17, 2010 (gmt 0)

Hi incrediBILL, I called my hosting company and told them about this. I also remembered that I had asked them to install some security files on the site, and they told me they had done the install today. So it's possible the server logs were showing that guy testing the site for security. I have sent the log entries to the host and asked them to be sure it was their tech guy and not some hacker. Thank you for your warnings.