PMA attacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



It appears to be a low-level attack, not so frequent as to be banned
permanently, just a number of times a day.

I did google on this, and I gather it's looking for phpmyadmin. We've been
getting one from one specific network in Russia for weeks

Here are more information about 91.201.64.24:

[Querying whois.ripe.net]
[whois.ripe.net]
<snip>
% Information related to '91.201.64.0 - 91.201.67.255'

inetnum:         91.201.64.0 - 91.201.67.255
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU
<snip>

But now I'm seeing the same from Azerbaijan, and France, and elsewhere.
Two questions: first, are other folks seeing this? and second, I can't
imagine malware this stupid, to keep hitting the same sites over and over
when it's not found, rather than bad password or user, so I'm wondering if
this could be a targetting vector for an upcoming serious attack using
another vector.

Opinions?

      mark


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux