my logfile is full with rtying to finde a phpmyadmin and, so, I would like to bann everyone, they try to find phpmyadmin, except my IP. How does one do this?
Many thanks in advance.
Hiawatha version: 7.3 Operating System: Debian 5
Samiux
19 September 2010, 17:47
Please include the following at the Virtualhost section :
AccessList = allow 192.168.0.0/24 , deny all
or
AccessList = allow 192.168.0.100, deny all
Alex
20 September 2010, 01:38
BanlistMask don't work for me This must work only for a certain Vhost
Hugo Leisink
20 September 2010, 08:36
You can try the following configuration:
VirtualHost { ... UseToolkit = ban_scanner }
UrlToolkit { ToolkitID = ban_scanner Match ^/phpmyadmin/.* Ban 300 }
Alex
20 September 2010, 11:08
Hi Hugo,
this works, but my ip is also baned.
Hugo Leisink
20 September 2010, 11:13
In that case, you can use a simple AccessList, as Samiux also suggested.
AccessList = allow <your ip address>, deny all
Alex
20 September 2010, 11:26
I have AccessList already since long time, it is a matter for me to ban the idiots who sniff phpmyadmin and bombard my logfiles.
Hugo Leisink
20 September 2010, 11:35
A ban is also logged. So, that won't change the amount of log entries. What you better can do in your case is to block them in your firewall.
Do you use an IP address or a hostname in the phpmyadmin URL?
Alex
20 September 2010, 11:43
thanks Hugo,
1) Firewall is not possible on my Hoster, its a vServer without loadable kernel module 2) both.
Hugo Leisink
20 September 2010, 11:48
1) Then I seriously suggest you find a better hoster. Even a VPS should have the iptables firewall available. 2) I advice that you use your ip address as the hostname of the default host (the one NOT inside VirtualHost { } ) and give that website a blank page. Use a separate hostname in your domain (for example pma.domain.com) for phpMyAdmin. Use an AccessList for that virtual host. Of course, use a separate logfile for each virtual host. That should keep your pma secure and your logfiles clean. Most vulnerablility scanners do their scanning by IP address, not by hostname.
Alex
20 September 2010, 11:59
ok Hugo, for such weak Hoster, is to be recommended hiawatha urgently thanks.