It appears to be a low-level attack, not so frequent as to be banned permanently, just a number of times a day. I did google on this, and I gather it's looking for phpmyadmin. We've been getting one from one specific network in Russia for weeks.

Here are more information about 91.201.64.24:
[Querying whois.ripe.net]
[whois.ripe.net]
<snip>
% Information related to '91.201.64.0 - 91.201.67.255'
inetnum: 91.201.64.0 - 91.201.67.255
netname: Donekoserv
descr: DonEkoService Ltd
country: RU
<snip>

But now I'm seeing the same from Azerbaijan, and France, and elsewhere.

Two questions: first, are other folks seeing this? And second, I can't imagine malware this stupid, to keep hitting the same sites over and over when it's not found, rather than bad password or user, so I'm wondering if this could be a targeting vector for an upcoming serious attack using another vector.

Opinions?

mark