: Preventing phpMyAdmin hacks I recently saw an unexpected error in my error log, and upon investigating, found it repeated many times. What are the deviants trying to accomplish, and is there
I recently saw an unexpected error in my error log, and upon investigating, found it repeated many times. What are the deviants trying to accomplish, and is there any risk of them accomplishing it.
[root@devserver scripts]# cat /var/log/httpd/store/error.log | grep phpMyAdmin
[Fri Aug 21 19:38:57 2015] [error] [client 95.139.227.8] client denied by server configuration: /usr/share/phpMyAdmin/index.php
[Mon Aug 24 00:11:56 2015] [error] [client 183.60.244.46] client denied by server configuration: /usr/share/phpMyAdmin/
[Mon Aug 24 00:11:57 2015] [error] [client 183.60.244.46] client denied by server configuration: /usr/share/phpMyAdmin/docs.css
[Sun Oct 11 04:23:23 2015] [error] [client 183.91.86.103] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Mon Oct 12 03:09:12 2015] [error] [client 149.202.60.88] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Mon Oct 12 03:09:12 2015] [error] [client 149.202.60.88] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Tue Oct 13 08:24:18 2015] [error] [client 36.230.67.137] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Oct 15 20:19:32 2015] [error] [client 183.60.244.37] client denied by server configuration: /usr/share/phpMyAdmin/
[Thu Oct 15 20:19:32 2015] [error] [client 183.60.244.37] client denied by server configuration: /usr/share/phpMyAdmin/docs.css
[Fri Oct 16 14:39:32 2015] [error] [client 201.153.9.87] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Fri Oct 16 18:27:07 2015] [error] [client 173.193.12.5] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Fri Oct 16 18:27:07 2015] [error] [client 173.193.12.5] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Wed Oct 21 04:47:02 2015] [error] [client 95.173.166.211] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Oct 31 18:26:09 2015] [error] [client 186.224.34.79] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Tue Nov 03 15:00:27 2015] [error] [client 51.254.211.231] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Wed Nov 04 21:57:57 2015] [error] [client 200.111.160.155] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Nov 05 04:53:09 2015] [error] [client 221.11.92.253] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Nov 05 04:53:13 2015] [error] [client 221.11.92.253] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Nov 07 04:36:04 2015] [error] [client 221.11.92.253] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Nov 07 04:36:08 2015] [error] [client 221.11.92.253] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Nov 07 20:00:35 2015] [error] [client 175.201.19.167] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Nov 07 20:00:35 2015] [error] [client 175.201.19.167] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Mon Nov 09 00:25:20 2015] [error] [client 5.8.66.78] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Mon Nov 09 00:25:21 2015] [error] [client 5.8.66.78] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Tue Nov 10 08:12:03 2015] [error] [client 89.248.171.139] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Wed Nov 11 13:18:55 2015] [error] [client 180.250.40.102] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Wed Nov 11 13:18:56 2015] [error] [client 180.250.40.102] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Nov 12 03:06:25 2015] [error] [client 59.115.212.93] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Nov 12 18:11:39 2015] [error] [client 5.189.171.97] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Thu Nov 12 18:11:39 2015] [error] [client 5.189.171.97] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Fri Nov 13 10:29:54 2015] [error] [client 173.193.157.42] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Fri Nov 13 10:29:55 2015] [error] [client 173.193.157.42] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sat Nov 14 13:52:55 2015] [error] [client 124.129.18.100] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sun Nov 15 03:23:13 2015] [error] [client 159.8.93.184] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Sun Nov 15 06:28:37 2015] [error] [client 167.56.141.230] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Mon Nov 16 18:56:54 2015] [error] [client 149.202.42.42] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Tue Nov 17 04:45:53 2015] [error] [client 184.172.196.102] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[Tue Nov 17 04:45:53 2015] [error] [client 184.172.196.102] client denied by server configuration: /usr/share/phpMyAdmin/scripts/setup.php
[root@devserver scripts]#
More posts by @RJPawlick198
1 Comments
Sorted by latest first Latest Oldest Best
In you case it is already securised as setup.php is not allowed.
More advices:
keep your phpmyadmin uptodate
change default folder name
Here you can find an extra rule for Apache to redirect to nowhere 90% of bots:
RewriteCond %{HTTP_USER_AGENT} ^-?$|curl|perl|python [NC,OR]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)$ [OR]
RewriteCond %{REQUEST_URI} !^/ [OR]
RewriteCond %{HTTP_REFERER} "!^$|^http"
RewriteRule .* - [END,R=406]
I use code 406, but you can use any other code, or even no redirect (then remove R=406).
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.