date
10 May 2019 Friday. 22:11:22 UTC
scammer/abuser
211.57.200.104
description
Script that discovered my unprotected phpMyAdmin on a home test server, dumped my MySQL database of useless test data, and left the below ransom message:
"To recover your lost data : Send 0.045 BTC to our BitCoin Address and Contact us by eMail with your server IP Address or Domain Name and a Proof of Payment. Any eMail without your server IP Address or Domain Name and a Proof of Payment together will be ignored. Your File and DataBase is downloaded and backed up on our servers. If we dont receive your payment,we will delete your databases."
It's okay buddy, you can delete those 5 rows of irrelevant text.
The related Apache access log entry:
(Yes, the credentials were root:root)
211.57.200.104 - - \ "GET /phpmyadmin/index.php?pma_username=root&pma_password=root&server=1 HTTP/1.1" 302 958 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36"