Note: Rho’s excellent blog post pointed me in the right direction – credit where credit is due.
On my websites, I’ve seen a lot of scanning for vulnerable phpMyAdmin installations.
As a matter of policy, I don’t run phpMyAdmin on any Internet-facing web server. The scans won’t find anything, but the log entries are annoying so I decided to take action.
Some information about the attacks:
The scans originate from a variety of sources, so an IP-address block will not work.
The scans typically probe IP-addresses (not hostnames) for phpMyAdmin installations. We will use this to our advantage.
The scans cannot be prevented, but at least [...]
Continue reading Annoyed by phpMyAdmin scans? Set up a tarpit with mod_security!