On 7/29/10 11:43 AM, Ashley Taylor wrote:
If your phpMyAdmin installations are safe and protected and you wish to remove these from your log files for vanity reasons, please see this guide with a cool fail2ban config that should help you: http://foosel.org/blog/2008/04/banning_phpmyadmin_bots_using_fail2ban Ash. On Thu, Jul 29, 2010 at 3:49 PM, Sjors Gielen<mailinglist@dazjorz.com>wrote:Op 29 jul 2010, om 16:34 heeft OLCESE, Marcelo Oscar. het volgende geschreven:Estimated: I am taking these scans in my hosts. (Debian 5.0 and Apache 2.2.9) This has been repeating since a weeks. Know what can be? What can I do to eliminate? Thanks. Marcelo Olcese.Someone is scanning your system for vulnerable PHPMyAdmin installations, and other possibly vulnerable stuff. As long as you watch your PHPMyAdmin installations if you have any and make sure nobody can abuse them, nothing's wrong. Try, for example, requiring http authentication to access the directories, or turning off your webserver if you didn't need it anyway. Sjors
There was a recent influx of attacks on some hosts who were using outdated versions [some by almost 4 revisions ~ one host I know of is using a version of PHPMyAdmin with about 20 CVE's against it that I confirmed myself ~ they have yet to push their "security experts" to update this as an emergency or close the loop by creating a prompted login ~ some who were very high end hosts] and they were open so a lot of people might see this happening more and more.