search for: pma2005

Every few days I see in the logwatch on my Centos-5.5 web-server what seems like a rather feeble break-in attempt. Eg today I see --------------------------- 403 Forbidden /phpMyAdmin/scripts/setup.php: 2 Time(s) /phpmyadmin/scripts/setup.php: 2 Time(s) 404 Not Found /PMA2005/scripts/setup.php: 1 Time(s) /TRAD_files/datestamp.js: 1 Time(s) ... --------------------------- followed by dozens of similar lines. As far as I can see, the IP of the person making the attempt (if there was an attempt) is not given. I'm not at all sure what if anything I should do ab...

It appears to be a low-level attack, not so frequent as to be banned permanently, just a number of times a day. I did google on this, and I gather it's looking for phpmyadmin. We've been getting one from one specific network in Russia for weeks Here are more information about 91.201.64.24: [Querying whois.ripe.net] [whois.ripe.net] <snip> % Information related to '91.201.64.0