First of all I am a tad confused, I have to Apache logs which are www.my-domain.com-access.log and access.log. The access log for my domain has the odd bot connecting to it but access.log has loads of IP's mainly from Russia & China and a few form the USA with things like...

 

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:16 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:18 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 198

98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 198

98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 194

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 199

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 195

98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 198

61.51.18.235 - - [02/May/2012:11:02:34 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 186

31.31.200.75 - - [02/May/2012:16:23:27 +0100] "HEAD / HTTP/1.0" 200 -

 

I guess they are looking for particular versions of phpMyAdmin so they can exploit a security hole. Also how come both access are being used and is there an htaccess code I can add to block entire IP ranges? It would be good to have a custom redirect too.

First of all I am a tad confused, I have to Apache logs which are www.my-domain.com-access.log and access.log. The access log for my domain has the odd bot connecting to it but access.log has loads of IP's mainly from Russia & China and a few form the USA with things like...

I guess they are looking for particular versions of phpMyAdmin so they can exploit a security hole. Also how come both access are being used and is there an htaccess code I can add to block entire IP ranges? It would be good to have a custom redirect too.

 

Supposedly this is an IP from Delafield, WI, US. I've seen the same script ran against my server. I've banned the IP from accessing my servers.

 

You should be fine though... They are looking for phpmyadmin that's why you always want to keep it inaccessible from the outside. You can VPN into your network and work in phpmyadmin if necessary or just work with it locally.

 

Get used to it. These scripts are more common than what you may think. Even though you certainly want to block repeated offenders if possible.

access.log catches all the non-domain-specific traffic.

 

I believe it may be possible to restrict access to just your domain-specific account, but I'd have to work out how to block the rest of the traffic. I don't know if using a .htaccess file is sufficient, since it would use the IP address.

 

Someone else may know more about how to do this than I. In the meantime, you'll just have to deal with all that toxic traffic.

 

Regards,

BobS