Bots trying to find phpMyAdmin

         

SEOPTI

11:55 pm on Sep 4, 2007 (gmt 0)


Is it a problem because my server is issuing 301 instead of 403?

Will this line help?
SetEnvIfNoCase User-Agent "phpmyadmin" banned

163.xx - - [05/Sep/2007:00:16:49 +0200] "GET /web/main.php HTTP/1.0" 301 329 "-" "-"
163.xx - - [05/Sep/2007:00:16:50 +0200] "GET /PMA/main.php HTTP/1.0" 301 329 "-" "-"
163.xx - - [05/Sep/2007:00:16:50 +0200] "GET /dbadmin/main.php HTTP/1.0" 301 333 "-" "-"
163.xx - - [05/Sep/2007:00:16:51 +0200] "GET /admin/phpmyadmin/main.php HTTP/1.0" 301 342 "-" "-"
163.xx - - [05/Sep/2007:00:16:51 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 301 342 "-" "-"
163.xx - - [05/Sep/2007:00:16:55 +0200] "GET /mysql/phpmyadmin/main.php HTTP/1.0" 301 342 "-" "-"
163.xx - - [05/Sep/2007:00:16:56 +0200] "GET /mysql/phpMyAdmin/main.php HTTP/1.0" 301 342 "-" "-"
163.xx - - [05/Sep/2007:00:16:56 +0200] "GET /sql/phpmyadmin/main.php HTTP/1.0" 301 340 "-" "-"
163.xx - - [05/Sep/2007:00:16:57 +0200] "GET /sql/phpMyAdmin/main.php HTTP/1.0" 301 340 "-" "-"
163.xx - - [05/Sep/2007:00:16:57 +0200] "GET /PMA/read_dump.phpmain.php HTTP/1.0" 301 342 "-" "-"
163.xx - - [05/Sep/2007:00:16:58 +0200] "GET /mysql/read_dump.phpmain.php HTTP/1.0" 301 344 "-" "-"

volatilegx

2:02 am on Sep 6, 2007 (gmt 0)


Will this line help?
SetEnvIfNoCase User-Agent "phpmyadmin" banned

No, because the user-agent string is blank.

keyplyr

4:22 am on Sep 7, 2007 (gmt 0)


SEOPTI, I use mod_rewrite to block hits that do not show a UA, while still allowing HEAD requests which often won't show one:

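RewriteEngine On
# Match an empty User-Agent header or a literal "-"
RewriteCond %{HTTP_USER_AGENT} ^-?$
# Leave HEAD requests alone
RewriteCond %{REQUEST_METHOD} !^HEAD$
# Answer every other matching request with 403 Forbidden
RewriteRule .* - [F]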

However, I suggest you monitor logs closely, as many friendly hits also do not show a UA. So you will need to allow some IP addresses, for example: Google mobile, M$, Yahoo, etc.

SEOPTI

8:50 pm on Sep 7, 2007 (gmt 0)


keyplyr, Thanks!

incrediBILL

11:12 pm on Sep 22, 2007 (gmt 0)


Just blocking that won't stop them as that's a calling card of a botnet probing your site.

If they actually find something vulnerable you need to block any access attempt with "=http:" in the query string to stop the actual script injection.
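
Added example, not part of the thread or any poster's code: a log check that reports the two signals discussed above, blank-User-Agent sweeps of phpMyAdmin-style paths and requests carrying "=http:" in the query string. The path token list, the `min_paths` threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Apache "combined" format: client ident user [time] "request" status bytes "referer" "UA"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$'
)
# Path tokens taken from the probes in the thread (assumed list, extend as needed).
PROBE_RE = re.compile(r"/(phpmyadmin|pma|dbadmin)/|read_dump\.php", re.I)

def analyze(lines, min_paths=3):
    """Return {client: [reasons]} for clients matching either signal."""
    probes = defaultdict(set)       # client -> distinct admin-tool paths requested
    injections = defaultdict(list)  # client -> targets with "=http:" in the query
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        client, method, target, _status, ua = m.groups()
        parts = urlsplit(target)
        # Decode once so "=http%3A" is caught as well as the literal form.
        if "=http:" in unquote(parts.query).lower():
            injections[client].append(target)
        # HEAD is exempted, mirroring the mod_rewrite rule in the thread.
        if ua in ("", "-") and method != "HEAD" and PROBE_RE.search(parts.path):
            probes[client].add(parts.path.lower())
    flagged = defaultdict(list)
    for client, paths in probes.items():
        if len(paths) >= min_paths:
            flagged[client].append(f"blank-UA probe of {len(paths)} admin paths")
    for client, targets in injections.items():
        flagged[client].append(f"{len(targets)} request(s) with =http: in query")
    return dict(flagged)

# Constructed sample log (documentation IP ranges), not taken from the thread.
SAMPLE = """\
192.0.2.10 - - [05/Sep/2007:00:16:49 +0200] "GET /PMA/main.php HTTP/1.0" 301 329 "-" "-"
192.0.2.10 - - [05/Sep/2007:00:16:50 +0200] "GET /dbadmin/main.php HTTP/1.0" 301 333 "-" "-"
192.0.2.10 - - [05/Sep/2007:00:16:51 +0200] "GET /admin/phpMyAdmin/main.php HTTP/1.0" 301 342 "-" "-"
198.51.100.7 - - [05/Sep/2007:00:17:02 +0200] "HEAD /phpmyadmin/ HTTP/1.0" 301 0 "-" "-"
203.0.113.5 - - [05/Sep/2007:00:18:10 +0200] "GET /index.php?page=http://example.invalid/x.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [05/Sep/2007:00:19:00 +0200] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for client, reasons in analyze(SAMPLE).items():
        print(client, "->", "; ".join(reasons))
```

Because the check reports rather than blocks, it can be run over existing logs to see which friendly clients would be caught before a rule like the one above is enabled.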