0

I am seeing a lot of requests where users are trying to request PhPMyAdmin directory on my web-server and I would like to put an end to it. They try a few different directories like PhpMyAdmin-2.10 or just PhpMyAdmin or just PhpMyAdmin-2.09

Would Apache Re-write rule be the best thing to re0direct them to a blackhole that bans their IP from accessing the IP again?

Or

I could simply create these directories and put in a javascript redirect to black-hole them as well.

Thoughts on a good solution are appreciated.

EDIT: Here is what I am doing in .htaccess

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/dbadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/mail [NC,OR]
RewriteCond %{REQUEST_URI} ^/myadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/mysql [NC,OR]
RewriteCond %{REQUEST_URI} ^/php\-my\-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
RewriteCond %{REQUEST_URI} ^/webmail [NC]
RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [R=301]
AXL
  • 3
  • 1
  • 3
  • I'd go with either rewrite or putting your ban script directly at the URLs being requested. Whoever is hitting it is probably using an automated scanner rather than a webbrowser with javascript support, and wouldn't obey a javascript redirect. – DerfK Dec 28 '10 at 00:36

2 Answers2

3

You could waste their time - which may do more to prevent them from scanning the internet as a whole than banning their IP would:

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC]
RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [R=301]

Update: To add directories or files you can add additional conditions (be careful not to block search spiders, etc)...

Update x2: Added the Last and QueryStringAppend flags, commented desirable location for additional rules.

RewriteEngine on

RewriteBase /

RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/dbadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/mail [NC,OR]
RewriteCond %{REQUEST_URI} ^/myadmin [NC,OR]
RewriteCond %{REQUEST_URI} ^/mysql [NC,OR]
RewriteCond %{REQUEST_URI} ^/php\-my\-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/pma [NC,OR]
RewriteCond %{REQUEST_URI} ^/webmail [NC]
RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

#
# any other rewrite conditions and rules here
#
danlefree
  • 2,873
  • 1
  • 18
  • 20
  • @danielfree - if I wanted to add more rewrite rules for similar things. I would just add additional RewriteCond and RewriteRule lines, correct? – AXL Dec 28 '10 at 03:40
  • @AXL - You would need to add the "OR" flag - updating answer accordingly – danlefree Dec 28 '10 at 03:58
  • @danlefree - I am doing something wrong. in httpd.conf I do RewriteEngine on and in the I do RewriteEngine On and RewriteOptions Inherit. I then create a .htaccess in the directory the uses for DocumentRoot but when I try and hit /phpmyadmin I get a 404 rather than a 301. Edited the above question to show what I am doing in .htaccess. – AXL Dec 28 '10 at 18:54
  • @AXL - Sorry, was missing the leading slash in the example (for your rules to work you'll need to add the leading slash for rules like `^/phpmyadmin` and you'll want to escape the dash character for rules like `^/php\-my\-admin` - otherwise that should work. – danlefree Dec 28 '10 at 23:20
  • @danlefree - OK, I tried that, even restarted apache and I am still getting a 404 – AXL Dec 29 '10 at 00:00
  • @danlefree - in looking at more examples and the rewrite guide more intensively do I need to add [L] so no more rules are processed? – AXL Dec 29 '10 at 00:13
  • @AXL - Additional rules should not be processed after a permanent redirect to a new host - Yes, try it w/`[L,R=301]` – danlefree Dec 29 '10 at 00:55
  • @danlefree - I tried one rule like: RewriteCond %{REQUEST_URI} ^/phpmyadmin [NC,L,R=301] with the same RewriteRule .* http://%{REMOTE_ADDR}%{REQUEST_URI} [R=301] and I still get a 404 – AXL Dec 29 '10 at 16:01
  • @AXL - My apologies for any miscommunication on my part - please try the new example in my answer. – danlefree Dec 29 '10 at 16:26
  • @danlfree - Yup, I was becoming close to your update with my digging more and more into this. I learned something for sure! This is great and I see there is a lot of advanced items you can do with mod_rewrite! wow. it works in but not in an .htaccess in the DocumentRoot for the which is OK. Great help. Thank you. – AXL Dec 29 '10 at 16:56
  • @AXL - Very glad to hear you were able to get it working - have you seen the `mod_rewrite` "master question" ..? There are some great tips to look at, if you'd like to master `mod_rewrite`: http://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask – danlefree Dec 29 '10 at 17:04
1

ModSecurity or fail2ban is what my research led me to.

There is also this question: How to thwart PHPMyAdmin attacks?

Community
  • 1
wrmine
  • 267
  • 1
  • 4