Somebody is scanning my site for phpMyAdmin

Portal Home > Knowledgebase > Articles Database > Somebody is scanning my site for phpMyAdmin

Posted by JoyceBabu, 07-09-2009, 05:29 AM
Today I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something? There were similar requests from more ips
Posted by webcertain, 07-09-2009, 05:57 AM
it happens a lot - we see this on our servers regularly. don't use phpmyadmin without passwording it is the best option.
Posted by JoyceBabu, 07-09-2009, 06:48 AM
I have setup phpmyadmin on another domain under a coded word. So they are not going to find it.
Posted by jackpx, 07-09-2009, 07:37 AM
yes.... good trick
Posted by webcertain, 07-09-2009, 08:55 AM
well, you should NEVER rely on someone not finding something as a security method, you need to make sure its limited to either your IP addresses or by username and password.
Posted by Motiv, 07-09-2009, 09:12 AM
Welcome to the Internet. You're going to get scanned by bots basically 24/7.
Posted by foobic, 07-09-2009, 09:18 AM
True. But like changing the SSH port, as a method of keeping this sort of crap out of your logs it's very effective.
Posted by WHR-Abner, 07-09-2009, 09:53 AM
Use "http" Auth for PMA and do set a complex password. Always check for PMA updates.
Posted by webcertain, 07-09-2009, 10:15 AM
yeah, but you WANT to see such things in your logs - otherwise you'll never know when people are trying to do norty things to your server.
Posted by mwatkins, 07-09-2009, 11:57 AM
I don't run a lick of PHP software on most of my machines yet the logs are full of requests for various PHP packages like PMA, phpBB, vBulletin and the like. As someone said above, welcome to the internet. Your box will be subject to scans of all sorts, 24x7. Are you secure? Be afraid, be very afraid. (and use that fear to drive you to learn how to head off attacks, and setup a backup regime that can be relied upon just in case)
Posted by JoyceBabu, 07-09-2009, 02:00 PM
I have a somewhat complex password for my mysql root account. The phpMyAdmin pathname has nothing to with mysql/sql/db. It is installed on a barely used, low traffic domain. Thats what I too thought. I can't use http Auth too. Since having two logins will be difficult for some of the users. I don't have an off site backup. I think I should start giving more importance to it.
Posted by BigGorilla, 07-09-2009, 06:27 PM
Not really. I only want to know about real threats. If someone's trying to hack into something I don't have, I quite frankly don't care. Most of these are random bots that are just looking for common vulnerabilities. As far as knowing when people are trying to do naughty things with my servers, well, that's pretty much always. If I logged all of that, I'd never find the important stuff.
Posted by linuxfan, 07-10-2009, 12:46 PM
Funny happened on one my server too.But i didn't checked other servers.Just make sure anything what is sensitive you have protected by htaccess or any other password method.Also i noticed those scans coming from server with domain(some chinese sites)so maybe it will be good to send abuse reports. Last edited by linuxfan; 07-10-2009 at 12:51 PM.
Posted by WHR-Abner, 07-10-2009, 11:30 PM
If they are legit IPs, then you can send the abuse reports. But most of them might be spoofed ones. Its better to implement attack mitigation tools rather than running behind these attackers..
Posted by linuxfan, 07-12-2009, 06:15 PM
Yes indeed someone could hack server and install proxy on to do such operations.But again question is there sense to bother with such scanning attempts since there could coming from tons of servers.

Add to Favourites Print this Article