Re: scans in my hosts. (Debian 5.0 and Apache 2.2.9)
On 7/29/10 11:43 AM, Ashley Taylor wrote:
If your phpMyAdmin installations are safe and protected and you wish to
remove these from your log files for vanity reasons, please see this guide
with a cool fail2ban config that should help you:
On Thu, Jul 29, 2010 at 3:49 PM, Sjors Gielen<firstname.lastname@example.org>wrote:
Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende
I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9)
This has been repeating since a weeks.
Know what can be? What can I do to eliminate?
Someone is scanning your system for vulnerable PHPMyAdmin installations,
and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin
installations if you have any and make sure nobody can abuse them, nothing's
wrong. Try, for example, requiring http authentication to access the
directories, or turning off your webserver if you didn't need it anyway.
There was a recent influx of attacks on some hosts who were using
outdated versions [some by almost 4 revisions ~ one host I know of is
using a version of PHPMyAdmin with about 20 CVE's against it that I
confirmed myself ~ they have yet to push their "security experts" to
update this as an emergency or close the loop by creating a prompted
login ~ some who were very high end hosts] and they were open so a lot
of people might see this happening more and more.