Mobile app version of vmapp.org
Login or Join
Ravi8258870

: Spambots looking for phpmyadmin and more I inherited a couple of sites that send the webmaster an email with each 404 error. I get a smattering of errors each day, but there are times when

@Ravi8258870

Posted in: #Php #Phpmyadmin #SpamPrevention #Wordpress

I inherited a couple of sites that send the webmaster an email with each 404 error. I get a smattering of errors each day, but there are times when I'll get dozens, even hundreds, of errors from these sites in just a couple of minutes. Given what they're looking for (directories like phpmyadmin, wp-admin, register, admin, etc. and files like setup.php, register.php, admin.php, etc.) it's obviously a spambot trying to get access to the site.

Is there a way to prevent them from even looking at the site? Should I set up a honeypot that provides some bogus info or something? And how do I accomplish this?

I'm guessing that other sites (maybe all?) that I manage are being "attacked" in the same way, but I don't have a script that reports those errors in the same way so the squeaky wheel is getting my attention.

10.02% popularity Vote Up Vote Down


Login to follow query

More posts by @Ravi8258870

2 Comments

Sorted by latest first Latest Oldest Best

 

@Odierno851

There isn't much you can do to prevent them. They are just automated scripts checking for vulnerable scripts. They will use lots of different IP addresses so there is no real way that I know of to prevent this.

The real question is should you worry about this? The answer is no.

Do you really need an email when someone hits a 404? What are you going to do??? Fix it at once? I would just regularly check my logs and stop the sending of IMHO unneeded emails.

On my server I have installed OSSEC in which you can define rules. So I will only get email alerts when I really need to (e.g. when the rubbish hits the fan).

10% popularity Vote Up Vote Down


 

@Kevin317

Every site is being attacked in the same way. There's no way to stop this from happening in the first place. It's just not practical. You can monitor your server logs and try to block IPs that are consistently offering your problems but the best you can really do is keep your software up to date.

An interesting thing I found recently is 5G Blacklist. It uses .htaccess to protect against that sort of garbage attacks. It's worth checking out.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme