jayuk20 Posted May 2, 2012

First of all I am a tad confused: I have two Apache logs, which are www.my-domain.com-access.log and access.log. The access log for my domain has the odd bot connecting to it, but access.log has loads of IPs, mainly from Russia & China and a few from the USA, with things like...

98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 195
98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:16 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:18 +0100] "GET /phpMyAdmin-2.5.5-rc1/index.php HTTP/1.1" 404 198
98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5-rc2/index.php HTTP/1.1" 404 198
98.100.186.95 - - [01/May/2012:22:00:19 +0100] "GET /phpMyAdmin-2.5.5/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6-rc1/index.php HTTP/1.1" 404 199
98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.6/index.php HTTP/1.1" 404 195
98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7/index.php HTTP/1.1" 404 195
98.100.186.95 - - [01/May/2012:22:00:41 +0100] "GET /phpMyAdmin-2.5.7-pl1/index.php HTTP/1.1" 404 198
61.51.18.235 - - [02/May/2012:11:02:34 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 186
31.31.200.75 - - [02/May/2012:16:23:27 +0100] "HEAD / HTTP/1.0" 200 -

I guess they are looking for particular versions of phpMyAdmin so they can exploit a security hole. Also, how come both access logs are being used, and is there htaccess code I can add to block entire IP ranges? It would be good to have a custom redirect too.

Yoni Posted May 2, 2012

> First of all I am a tad confused: I have two Apache logs, which are www.my-domain.com-access.log and access.log. The access log for my domain has the odd bot connecting to it, but access.log has loads of IPs, mainly from Russia & China and a few from the USA, with things like... I guess they are looking for particular versions of phpMyAdmin so they can exploit a security hole. Also, how come both access logs are being used, and is there htaccess code I can add to block entire IP ranges? It would be good to have a custom redirect too.

Supposedly this is an IP from Delafield, WI, US. I've seen the same script run against my server. I've banned the IP from accessing my servers. You should be fine though... They are looking for phpmyadmin; that's why you always want to keep it inaccessible from the outside. You can VPN into your network and work in phpmyadmin if necessary, or just work with it locally. Get used to it. These scripts are more common than you may think. Even so, you certainly want to block repeated offenders if possible.

BobS Posted May 3, 2012

access.log catches all the non-domain-specific traffic. I believe it may be possible to restrict access to just your domain-specific account, but I'd have to work out how to block the rest of the traffic. I don't know if using a .htaccess file is sufficient, since it would use the IP address. Someone else may know more about how to do this than I. In the meantime, you'll just have to deal with all that toxic traffic.

Regards,
BobS
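
As an added example (not code from any poster in this thread): a small Python check that runs over log lines like those in the first post, flags clients that request several distinct phpMyAdmin paths and get 404s, and renders a range block for them. The `PROBE_RE` pattern, the threshold of three, the /24 widening and the Apache 2.4 `Require not ip` syntax are assumptions; the last sample line is constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Apache common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
# Assumed probe pattern: versioned or plain phpMyAdmin directories.
PROBE_RE = re.compile(r'^/(phpmyadmin|pma|myadmin)[^/]*/', re.IGNORECASE)

# First six lines are taken from the post above; the last line is constructed.
SAMPLE_LOG = """\
98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.3/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.2.6/index.php HTTP/1.1" 404 195
98.100.186.95 - - [01/May/2012:22:00:15 +0100] "GET /phpMyAdmin-2.5.1/index.php HTTP/1.1" 404 194
98.100.186.95 - - [01/May/2012:22:00:16 +0100] "GET /phpMyAdmin-2.5.4/index.php HTTP/1.1" 404 194
61.51.18.235 - - [02/May/2012:11:02:34 +0100] "GET /user/soapCaller.bs HTTP/1.1" 404 186
31.31.200.75 - - [02/May/2012:16:23:27 +0100] "HEAD / HTTP/1.0" 200 -
203.0.113.7 - - [02/May/2012:16:30:00 +0100] "GET /phpmyadmin/index.php HTTP/1.1" 404 190
"""

def find_scanners(lines, min_probes=3):
    """Return {ip: sorted probe paths} for clients with >= min_probes distinct 404 probes."""
    probes = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-request lines
        if m["status"] == "404" and PROBE_RE.match(m["path"]):
            probes[m["ip"]].add(m["path"])
    return {ip: sorted(p) for ip, p in probes.items() if len(p) >= min_probes}

def deny_rules(ips, prefix=24):
    """Render an Apache 2.4 block, widening each IPv4 address to a /prefix range."""
    # Apache 2.2 would use 'Deny from <range>' under 'Order allow,deny' instead.
    nets = sorted({str(ip_network(f"{ip}/{prefix}", strict=False)) for ip in ips})
    body = "\n".join(f"    Require not ip {n}" for n in nets)
    return f"<RequireAll>\n    Require all granted\n{body}\n</RequireAll>"

if __name__ == "__main__":
    scanners = find_scanners(SAMPLE_LOG.splitlines())
    print(scanners)
    print(deny_rules(scanners))
```

Requiring several distinct probe paths keeps a single mistyped or stale URL from getting a whole range blocked; tune `min_probes` and `prefix` to how much collateral blocking is acceptable.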