So I installed AWStats, and went to 404 errors, and I found this;

Required but not found URLs (HTTP code 404)

URL (10) Error Hits Referrers

/robots.txt 9 -

/phpmyadmin/scripts/setup.php 2 -

/ 2 -

/MyAdmin/scripts/setup.php 2 -

/pma/scripts/setup.php 1 -

/myadmin/scripts/setup.php 1 - 1 -

/phpMyAdmin/scripts/setup.php 1 - 1 -

/webdav/ 1 -

Does this mean that bots are trying to see if my server is unsecure when it's looking for phpmyadmin setup, and it can't find it? Should I be blacklisting these ip addresses in my vhost.conf file?

2 Replies

Yes, bots routinely scan IP addresses for phpMyAdmin and other things to hax0r. You could set up fail2ban or somesuch to whack them, but it's probably not worth bothering. There are so many of them, and you're not letting them actually find anything, right?

You can but it's generally not worth it. If you make services publicly available assume that people are going to try things against them.

There does exist software that you can use to guard against these sorts of things but in general unless you want to monitor it nearly every day and add filter rules, it's not worth it.

Your best defense against this stuff is to move applications out of default directories, keep your applications updated, never allow the applications to have root access to anything (databases, or system)–and go from there.

If you do have or want remote Administration applications, try doing a server-side validation of your client before allowing a connection. In this manner the TLS connection will fail since the server isn't provided with a valid client certificate.


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct