MyPHP attacks

I have a few attempts to access my PHP databases and would like some advice on how to go about blocking them. I appreciate they are not using a lot of bandwidth and that all attempts have been so far unsuccessful but I am concerned they may strike it lucky sometime soon.

Any advice appreciated.
Thank you in advance

The following is from my logs:

[18/May/2011:20:25:47 +0100] "GET //scripts/setup.php HTTP/1.1" 404 1226
[18/May/2011:20:25:47 +0100] "GET //admin/scripts/setup.php HTTP/1.1" 404 1232
[18/May/2011:20:25:47 +0100] "GET //admin/pma/scripts/setup.php HTTP/1.1" 404 1236
[18/May/2011:20:25:47 +0100] "GET //admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:47 +0100] "GET //db/scripts/setup.php HTTP/1.1" 404 1229
[18/May/2011:20:25:47 +0100] "GET //dbadmin/scripts/setup.php HTTP/1.1" 404 1234
[18/May/2011:20:25:48 +0100] "GET //myadmin/scripts/setup.php HTTP/1.1" 404 1234
[18/May/2011:20:25:48 +0100] "GET //mysql/scripts/setup.php HTTP/1.1" 404 1232
[18/May/2011:20:25:48 +0100] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:48 +0100] "GET //typo3/phpmyadmin/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:48 +0100] "GET //phpadmin/scripts/setup.php HTTP/1.1" 404 1235
[18/May/2011:20:25:49 +0100] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:49 +0100] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:49 +0100] "GET //phpmyadmin1/scripts/setup.php HTTP/1.1" 404 1238
[18/May/2011:20:25:49 +0100] "GET //phpmyadmin2/scripts/setup.php HTTP/1.1" 404 1238
[18/May/2011:20:25:49 +0100] "GET //pma/scripts/setup.php HTTP/1.1" 404 1230
[18/May/2011:20:25:49 +0100] "GET //web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1241
[18/May/2011:20:25:49 +0100] "GET //xampp/phpmyadmin/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:50 +0100] "GET //web/scripts/setup.php HTTP/1.1" 404 1230
[18/May/2011:20:25:50 +0100] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 1239
[18/May/2011:20:25:50 +0100] "GET //websql/scripts/setup.php HTTP/1.1" 404 1233
[18/May/2011:20:25:50 +0100] "GET //phpmyadmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:50 +0100] "GET //phpMyAdmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:50 +0100] "GET //phpMyAdmin-2/scripts/setup.php HTTP/1.1" 404 1239
[18/May/2011:20:25:50 +0100] "GET //php-my-admin/scripts/setup.php HTTP/1.1" 404 1239
[18/May/2011:20:25:50 +0100] "GET //phpMyAdmin-2.2.3/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:50 +0100] "GET //phpMyAdmin-2.2.6/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.1/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.4/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.5-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.5-rc2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.5/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.5-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.6-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:51 +0100] "GET //phpMyAdmin-2.5.6-rc2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.5.7-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.6.0-alpha/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.6.0-alpha2/scripts/setup.php HTTP/1.1" 404 1250
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.6.0-beta1/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.6.0-beta2/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:52 +0100] "GET //phpMyAdmin-2.6.0-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0-rc2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0-rc3/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0-pl2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.0-pl3/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.1-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.1-rc2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:53 +0100] "GET //phpMyAdmin-2.6.1/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.1-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.1-pl2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.1-pl3/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.2-beta1/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.2-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.2/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:54 +0100] "GET //phpMyAdmin-2.6.2-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.3-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.3-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.4-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.4-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.4-pl2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:55 +0100] "GET //phpMyAdmin-2.6.4-pl3/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.6.4-pl4/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.7.0-beta1/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.7.0-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.7.0-pl1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.7.0-pl2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:56 +0100] "GET //phpMyAdmin-2.8.0-beta1/scripts/setup.php HTTP/1.1" 404 1249
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0-rc2/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 404 1245
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 404 1245
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 404 1245
[18/May/2011:20:25:57 +0100] "GET //phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 404 1245
[18/May/2011:20:25:58 +0100] "GET //phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 404 1247
[18/May/2011:20:25:58 +0100] "GET //phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:58 +0100] "GET //phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 404 1243
[18/May/2011:20:25:58 +0100] "GET //sqlmanager/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:58 +0100] "GET //mysqlmanager/scripts/setup.php HTTP/1.1" 404 1239
[18/May/2011:20:25:58 +0100] "GET //p/m/a/scripts/setup.php HTTP/1.1" 404 1232
[18/May/2011:20:25:58 +0100] "GET //PMA2005/scripts/setup.php HTTP/1.1" 404 1234
[18/May/2011:20:25:59 +0100] "GET //pma2005/scripts/setup.php HTTP/1.1" 404 1234
[18/May/2011:20:25:59 +0100] "GET //phpmanager/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:25:59 +0100] "GET //php-myadmin/scripts/setup.php HTTP/1.1" 404 1238
[18/May/2011:20:25:59 +0100] "GET //phpmy-admin/scripts/setup.php HTTP/1.1" 404 1238
[18/May/2011:20:25:59 +0100] "GET //webadmin/scripts/setup.php HTTP/1.1" 404 1235
[18/May/2011:20:25:59 +0100] "GET //sqlweb/scripts/setup.php HTTP/1.1" 404 1233
[18/May/2011:20:25:59 +0100] "GET //websql/scripts/setup.php HTTP/1.1" 404 1233
[18/May/2011:20:25:59 +0100] "GET //webdb/scripts/setup.php HTTP/1.1" 404 1232
[18/May/2011:20:25:59 +0100] "GET //mysqladmin/scripts/setup.php HTTP/1.1" 404 1237
[18/May/2011:20:26:00 +0100] "GET //mysql-admin/scripts/setup.php HTTP/1.1" 404 1238

RewriteCond %{HTTP_USER_AGENT} (libwww|perl|Indy|python|urllib|java) [NC,OR] RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9] [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(Python.urllib�Java/?[1-9]\.[0-9]) [NC,OR] RewriteCond %{HTTP_user_agent} ^-?$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib|java/?[1-9]\.[0-9]) [NC]

RewriteCond %{HTTP_USER_AGENT} (libwww|perl|Indy|python|urllib|java) [NC,OR] RewriteCond %{HTTP_USER_AGENT} libwww-perl [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9] [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(Python.urllib�Java/?[1-9]\.[0-9]) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib|java/?[1-9]\.[0-9]) [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Tcs/1" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "freefind" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "EmeraldShield" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "lwp-trivial" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "Turnitin" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "trivial" [NC,OR] RewriteCond %{HTTP_USER_AGENT} "User-Agent: Mozilla" [NC,OR] RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b [NC,OR] RewriteCond %{HTTP_USER_AGENT} "LWP::Simple" [NC] RewriteRule .* - [F]

RewriteCond %{HTTP_USER_AGENT} (libwww|perl|Indy|python|urllib|java) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9] [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib|java/?[1-9]\.[0-9]) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (libwww|EmeraldShield|lwp-trivial|Turnitin|trivial|LWP::Simple|Tcs/1) [NC,OR] RewriteCond %{HTTP_USER_AGENT} "User-Agent: Mozilla" [NC,OR] RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b [NC] RewriteRule .* - [F]

RewriteCond %{HTTP_USER_AGENT} (libwww|perl|Indy|python|urllib|java|EmeraldShield|lwp-trivial|Turnitin|trivial|LWP::Simple|Tcs/1) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9] [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(python[-.]?urllib|java/?[1-9]\.[0-9]) [NC,OR] RewriteCond %{HTTP_USER_AGENT} "User-Agent: Mozilla" [NC,OR] RewriteCond %{HTTP_COOKIE}% s:(.*):\%22test1\%22\%3b [NC] RewriteRule .* - [F]

MyPHP attacks

php attack

cyberdyne

wilderness

cyberdyne

wilderness

brotherhood of LAN

wilderness

SteveWh

g1smd

cyberdyne

cyberdyne

SteveWh

cyberdyne

cyberdyne

wilderness

cyberdyne

cyberdyne

wilderness

wilderness

cyberdyne

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week