[CentOS] PMA attacks

Tue Jun 19 18:31:59 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

It appears to be a low-level attack, not so frequent as to be banned
permanently, just a number of times a day.

I did google on this, and I gather it's looking for phpmyadmin. We've been
getting one from one specific network in Russia for weeks

Here are more information about

[Querying whois.ripe.net]
% Information related to ' -'

inetnum: -
netname:         Donekoserv
descr:           DonEkoService Ltd
country:         RU

But now I'm seeing the same from Azerbaijan, and France, and elsewhere.
Two questions: first, are other folks seeing this? and second, I can't
imagine malware this stupid, to keep hitting the same sites over and over
when it's not found, rather than bad password or user, so I'm wondering if
this could be a targetting vector for an upcoming serious attack using
another vector.