3

just checked my Apache logs and stumbled upon this log: Client denied by server configuration. What I found weird are the different phpMyAdmin versions. The IP is in the Czech Republic: http://whois.domaintools.com/188.120.221.206

Am I just too overcautious?

What specific can I do against it?

logs http://img.skitch.com/20100315-tdp21pf8ect9nkbep4es3m81xy.jpg

5 Answers

7

I agree with Andrey. It's an attack from a random scanner bot. They crawl the internet (usually within a specified IP range) looking for known exploits on servers, then report their findings back to the wraith hive ship for culling.

Edit: Not sure why this post was deleted. In addition...

These scanner bots don't cause much of a problem unless you're running a version of Apache with known exploits (many of these bots are programmed to detect buffer overflows and other web server software related bugs) or you have common tools in your web root (i.e., phpMyAdmin). Keep all your web tools under lock-and-key (use Apache's basic auth over HTTPS, pretty secure) and don't set your root password to 'cheese'.

Edit2: Post updated from SO.com

1

As the other posts here mention, it is way too common nowadays to find vulnerability scanners (crawlers) in daily logs. I recommend setting up some spam traps and honeypots so you can help catch these guys, and at the same time protect yourself using blacklists to ban their access directly by IP on your server. Some months ago I found myself in your situation; I had lots of rows in my log like the following:

195.140.144.30 - - [16/Aug/2011:00:49:33 +0300] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 239 "-" "ZmEu" 

The interesting thing was that all were 404 errors. First I decided to stop that by adding a ban for the agent ZmEu, but that was not enough; searching and searching, I found Project Honeypot and found that it rocks! I wrote some small scripts to add some well-known bandits to my deny list, and the rest I left to some code provided by them, which you can find on Project Honeypot.

You can also find on the net some good PHP scripts to create your own blacklists, and some .htaccess rules to deny access to the most well-known bad user agents.

If you install any application from open source or common PHP tools like phpMyAdmin, blogs, or CRMs, rename all their install folders (remove them if possible) and administration folders to something cryptic, and use .htaccess to set passwords.

Another thing is to review your logs often and ban the offending IPs.

A good example and reference is found here.

Since your web server is public, you must set some access rules if you want to avoid unwanted surprises.

In my personal experience all that effort has been well worth it; at least site traffic from those exploiters has diminished in the last 5 months.

Also I recommend you give this article a read.

mgorven
  • 31,399
0

A path or connection attempt violated the permission definitions set by your Apache configuration. As @Andrey said, usually this is an indication that someone is trying to find a way in. My best recommendation however, is to look for some of the Apache 2.x hardening guides and make sure you don't have any gaping holes.

Update: Now that you have your logs up, it looks like this person is trying to access your phpMyAdmin. XAMPP is probably set up so that those paths are only accessible by 'localhost', which in turn creates a permission denied for any external access. Either way, my previous recommendation still stands...

0

Maybe you can try installing the "Fail2Ban" application to ban those IPs to reduce the risk...

Xianlin
  • 685
0

This is internet background noise. My recommendation is to use an application like OSSEC or Fail2ban to automatically ban these types of attacks.
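The "review your logs and ban the offending IPs" advice above and the Fail2ban/OSSEC suggestions in the last two answers amount to the same mechanism: match suspicious requests, count them per IP inside a time window, and block the IP once a threshold is reached. The script below is an added illustration of that mechanism, not code from any of the answerers or from Fail2ban itself. It parses Apache combined-format lines, flags scanner traffic (the ZmEu agent and phpMyAdmin/w00tw00t probe paths seen on this page; the second bad-agent entry and all sample log lines are constructed, using documentation-range IPs), applies fail2ban-style maxretry/findtime/bantime logic, and renders the result as an Apache 2.4 access-control block.

```python
"""Fail2ban-style review of Apache access logs: spot scanner probes, ban repeat offenders."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# "zmeu" is the agent from the log line quoted in the answer above; "examplescanner"
# is a constructed placeholder showing where you would add further agents.
BAD_AGENTS = ("zmeu", "examplescanner")
# Path fragments nobody but a scanner requests on a server that does not publish
# these tools (phpMyAdmin is what the question's logs show).
PROBE_PATHS = ("phpmyadmin", "/pma", "myadmin", "w00tw00t")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry["time"], "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    parts = entry["request"].split(" ")
    entry["path"] = parts[1] if len(parts) >= 2 else ""
    return entry


def classify(entry):
    """Return why a request looks like scanner traffic, or None for normal traffic."""
    path = entry["path"].lower()
    if any(p in path for p in PROBE_PATHS):
        return "probe-path"
    if any(a in entry["agent"].lower() for a in BAD_AGENTS):
        return "bad-agent"
    if entry["status"] in (403, 404):   # "client denied" (403) and misses (404)
        return "error"
    return None


def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=1)):
    """Sliding window in the style of fail2ban's maxretry/findtime/bantime:
    an IP with maxretry suspicious hits inside findtime is banned for bantime.
    Hits from an IP while its ban is active are skipped (it would be blocked).
    Returns {ip: {"since": datetime, "until": datetime, "reasons": [...]}}.
    """
    hits = defaultdict(list)   # ip -> [(time, reason), ...] inside the window
    bans = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reason = classify(entry)
        if reason is None:
            continue
        ip, now = entry["ip"], entry["time"]
        if ip in bans and now < bans[ip]["until"]:
            continue
        window = [h for h in hits[ip] if now - h[0] <= findtime]
        window.append((now, reason))
        hits[ip] = window
        if len(window) >= maxretry:
            bans[ip] = {"since": now, "until": now + bantime,
                        "reasons": sorted({r for _, r in window})}
            hits[ip] = []
    return bans


def render_require_block(bans):
    """Apache 2.4 access-control block denying the banned IPs
    (Apache 2.2 .htaccess would use 'Order allow,deny' / 'Deny from' instead)."""
    out = ["<RequireAll>", "    Require all granted"]
    out += [f"    Require not ip {ip}" for ip in sorted(bans)]
    out.append("</RequireAll>")
    return "\n".join(out)


# Constructed sample log (documentation-range IPs); the first line mirrors the
# ZmEu probe quoted in the answer above.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Aug/2011:00:49:33 +0300] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 239 "-" "ZmEu"',
    '198.51.100.7 - - [16/Aug/2011:00:49:34 +0300] "GET /phpMyAdmin/ HTTP/1.1" 403 212 "-" "ZmEu"',
    '198.51.100.7 - - [16/Aug/2011:00:49:35 +0300] "GET / HTTP/1.1" 200 1024 "-" "ZmEu"',
    '198.51.100.7 - - [16/Aug/2011:00:49:36 +0300] "GET /myadmin/ HTTP/1.1" 403 212 "-" "ZmEu"',
    # A normal visitor: a page view and three stray 404s hours apart never
    # accumulate maxretry hits inside one findtime window.
    '203.0.113.5 - - [16/Aug/2011:00:50:00 +0300] "GET / HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Aug/2011:00:50:01 +0300] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Aug/2011:01:30:00 +0300] "GET /old-page.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [16/Aug/2011:02:30:00 +0300] "GET /missing.png HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    result = find_bans(SAMPLE_LOG)
    for ip, ban in result.items():
        print(ip, "banned", ban["since"], "->", ban["until"], ban["reasons"])
    print(render_require_block(result))
```

Run it on a real access log with `find_bans(open("/var/log/apache2/access.log"))`. The window logic is what keeps a visitor with a few broken links off the ban list while the scanner, which fires many probes within seconds, crosses the threshold immediately; tune maxretry and findtime to your own traffic before pushing the rendered block into your configuration.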