Apache Attack

angelo.c · 03-29-2012, 09:22 PM

Hello,everyone!

I read my apache access log from time to time and discovered these this morning:

Quote:

118.123.240.176 - - [30/Mar/2012:04:22:34 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec

HTTP/1.1" 401 401 "-" "ZmEu"
118.123.240.176 - - [30/Mar/2012:04:22:34 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 401 401 "-" "ZmEu"
118.123.240.176 - - [30/Mar/2012:04:22:34 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 401 401 "-" "ZmEu"
118.123.240.176 - - [30/Mar/2012:04:22:34 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 401 401 "-" "ZmEu"
118.123.240.176 - - [30/Mar/2012:04:22:35 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 401 401 "-" "ZmEu"
118.123.240.176 - - [30/Mar/2012:04:22:35 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 401 401 "-" "ZmEu"

I guess,this robot or any crap like that wanted to guess whether I have phpmyadmin in my web root.Except blocking this ip,is there any method which I can do to prevent any further attack?

Please drop me a line if you have any ideas.

bathory · 03-30-2012, 12:35 AM

Hi,

You can use fail2ban. For blocking phpMyadmin requests, there is already a nice filter here

Regards

angelo.c · 03-30-2012, 01:07 AM

bathory,thanks for the reply.

It seems pretty promising.