[CentOS] PMA attacks

m.roth at 5-cent.us

m.roth at 5-cent.us
Tue Jun 19 18:31:59 UTC 2012


It appears to be a low-level attack, not so frequent as to be banned
permanently, just a number of times a day.

I did google on this, and I gather it's looking for phpmyadmin. We've been
getting one from one specific network in Russia for weeks

Here are more information about 91.201.64.24:

[Querying whois.ripe.net]
[whois.ripe.net]
<snip>
% Information related to '91.201.64.0 - 91.201.67.255'

inetnum:         91.201.64.0 - 91.201.67.255
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU
<snip>

But now I'm seeing the same from Azerbaijan, and France, and elsewhere.
Two questions: first, are other folks seeing this? and second, I can't
imagine malware this stupid, to keep hitting the same sites over and over
when it's not found, rather than bad password or user, so I'm wondering if
this could be a targetting vector for an upcoming serious attack using
another vector.

Opinions?

      mark





More information about the CentOS mailing list