phpMyAdmin scans--what signatures should I block?

Question

phpMyAdmin scans--what signatures should I block?

general

I got hit by a phpMyAdmin scan a few days ago, and the scan started with a "GET /muieblackcat". phpMyAdmin is not installed, nor do I have a CMS installed, so I am safe as far as I can tell, but I'd like to determine what other accesses are known scans.

I have a Fail2ban setup that blocks known attack signatures. These signatures match accesses to files like "/muieblackcat" and user agents such as "ZmEu". I recently added a more generic signature that matches all accesses containing "/scripts/setup.php".

What other signatures do I need to block?

–DragonLord

2 Replies

forum:vonskippy · Answer 1 · Oct. 10, 2013, 2:20 p.m.

forum:vonskippy 10 years, 6 months ago

Why?

If you don't have the target, it's just more Internet noise to ignore.

forum:Inquisitor Sasha · Answer 2 · Oct. 10, 2013, 9:38 p.m.

forum:Inquisitor Sasha 10 years, 6 months ago

~~@vonskippy:~~

Why?

If you don't have the target, it's just more Internet noise to ignore.

I just took down PHPmyAdmin today. If you don't have what's trying to be hacked, or if you don't have a vulnerability, just ignore it as random internet noise. That happens.

Compute

Storage

Databases

Networking

Developer Tools

Delivery

Security

Services

Industries

Pricing

Community

Engage With Us

phpMyAdmin scans--what signatures should I block?

2 Replies

Reply

Tips: