It appears to be a low-level attack, not so frequent as to be banned
permanently, just a number of times a day.
I did google on this, and I gather it's looking for phpmyadmin. We've been
getting one from one specific network in Russia for weeks.
Here are more information about 91.201.64.24:
[Querying whois.ripe.net]
[whois.ripe.net]
<snip>
% Information related to '91.201.64.0 - 91.201.67.255'
inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
<snip>
But now I'm seeing the same from Azerbaijan, and France, and elsewhere.
Two questions: first, are other folks seeing this? and second, I can't
imagine malware this stupid, to keep hitting the same sites over and over
when it's not found, rather than bad password or user, so I'm wondering if
this could be a targeting vector for an upcoming serious attack using
another vector.
Opinions?
mark
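
One way to surface the pattern described in the post above (probes that stay under a ban threshold but recur for weeks), as an added example that is not part of the original message. It assumes Apache "combined" access-log lines, a hypothetical set of phpMyAdmin-like paths, and illustrative thresholds; the default /22 grouping matches the inetnum range in the whois output.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Assumption: Apache/nginx "combined" access-log format.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')
# Assumption: which request paths count as a phpMyAdmin probe.
PROBE = re.compile(r'/(phpmyadmin|pma|myadmin)\b', re.I)

def slow_probers(lines, per_day_max=10, min_days=3, prefix=22):
    """Return {network: {day: hits}} for source networks whose 404 probes stay
    at or under per_day_max on every day but recur on at least min_days days."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, path, status = m.groups()
        if status != "404" or not PROBE.search(path):
            continue
        try:
            net = ip_network(f"{ip}/{prefix}", strict=False)
        except ValueError:  # first field is a hostname, not an address
            continue
        day = datetime.strptime(ts.split()[0], "%d/%b/%Y:%H:%M:%S").date()
        hits[str(net)][day.isoformat()] += 1
    return {net: dict(days) for net, days in hits.items()
            if len(days) >= min_days and max(days.values()) <= per_day_max}

def _line(ip, day, path, status):
    # Builds one constructed log line; the date and time are made up.
    return (f'{ip} - - [{day}/Mar/2014:04:12:01 +0000] '
            f'"GET {path} HTTP/1.1" {status} 209 "-" "-"')

# Constructed sample: only 91.201.64.24 comes from the post above; the other
# addresses are documentation ranges.
SAMPLE = (
    [_line("91.201.64.24", d, "/phpMyAdmin/", 404) for d in ("03", "03", "04", "05", "05")]
    + [_line("198.51.100.7", "04", "/pma/", 404)] * 12       # loud, one day
    + [_line("203.0.113.5", "05", "/myadmin/", 404)]         # seen once
    + [_line("192.0.2.10", "05", "/index.html", 200)]        # normal traffic
)

if __name__ == "__main__":
    for net, days in slow_probers(SAMPLE).items():
        print(net, days)
```

Aggregating by network over days rather than by address over minutes is what lets the low-rate source show up while the one-day burst, which a short-window ban already handles, is left out.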