3

I was looking at my apache logs and saw this:

[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/db
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/sqlmanager
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/mysqlmanager
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/php-myadmin
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/phpmy-admin
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/webadmin
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/sqlweb
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/websql
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/webdb
[Wed Feb 02 00:56:54 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/mysqladmin
[Wed Feb 02 00:56:55 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/mysql-admin
[Wed Feb 02 00:56:55 2011] [error] [client 93.190.64.23] File does not exist: /srv/www/dogself.com/public_html/admin

Is there a recourse I can take against this that isn't too involved? I wouldn't mind blacklisting all IPs that ever request /phpmy-admin for example.

John Gardeniers
mkoryak

3 Answers

4

In your httpd.conf you need to ensure that where you have:

<Directory /srv/www/dogself.com/public_html/the-real-phpmyadmin-folder>
  ...
</Directory>

You add the following:

Order deny,allow
Deny from all
Allow from <your ip>

Now no-one can access phpmyadmin unless they're coming from your IP. Another thing you could do is talked about here.

2

If you must, then use 'fail2ban' to dynamically configure your firewall, and/or mod_security, and/or a custom handler for these urls which reconfigures your firewall.

But all you are likely to achieve is block requests which would have returned a 404 response anyway.

symcbean
0

First make sure there is no vulnerable software on your Apache webserver, such as older versions of phpmyadmin (why would the outside world need access to phpmyadmin anyway?).

After that you may try, for example, fail2ban. Be careful with your filtering rules; causing a lot of 404 errors is not an attack by itself. And trying to block things like this can backfire.

Other options are mod_security or an http screening firewall.

Koos van den Hout
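
The caution raised in the answers above (a pile of 404s is not an attack by itself) shown as an added example, not code from the original posts: a Python check that flags a client only when it asks for several distinct admin-tool names within a short window, which is the decision a fail2ban filter would have to encode. The log lines, IP addresses, thresholds and the `find_scanners` name are constructed for illustration; the regex assumes the Apache 2.2 error-log format shown in the question.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2 error_log line; a ", referer: ..." suffix may follow the path.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"File does not exist: (?P<path>.+?)(?:, referer: .*)?$")
# Last path components seen in the question's log. Ordinary misses such as
# favicon.ico are deliberately absent so they never count towards a ban.
PROBE_NAMES = {"db", "sqlmanager", "mysqlmanager", "php-myadmin", "phpmy-admin",
               "webadmin", "sqlweb", "websql", "webdb", "mysqladmin",
               "mysql-admin", "admin"}

# Constructed sample: one scanner, one visitor with harmless 404s.
SAMPLE = """\
[Wed Feb 02 00:56:54 2011] [error] [client 203.0.113.7] File does not exist: /srv/www/example.com/public_html/db
[Wed Feb 02 00:56:54 2011] [error] [client 203.0.113.7] File does not exist: /srv/www/example.com/public_html/sqlmanager
[Wed Feb 02 00:56:54 2011] [error] [client 203.0.113.7] File does not exist: /srv/www/example.com/public_html/phpmy-admin
[Wed Feb 02 00:56:55 2011] [error] [client 203.0.113.7] File does not exist: /srv/www/example.com/public_html/mysql-admin
[Wed Feb 02 01:10:00 2011] [error] [client 198.51.100.20] File does not exist: /srv/www/example.com/public_html/favicon.ico
[Wed Feb 02 01:10:01 2011] [error] [client 198.51.100.20] File does not exist: /srv/www/example.com/public_html/favicon.ico
[Wed Feb 02 01:10:02 2011] [error] [client 198.51.100.20] File does not exist: /srv/www/example.com/public_html/admin, referer: http://example.com/
""".splitlines()

def find_scanners(lines, min_distinct=4, window=timedelta(seconds=60)):
    """Return {ip: sorted probe names} for clients that requested at least
    min_distinct different probe names inside one sliding time window."""
    hits = defaultdict(list)  # ip -> [(timestamp, probe name)]
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name = m["path"].rstrip("/").rsplit("/", 1)[-1].lower()
        if name in PROBE_NAMES:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            hits[m["ip"]].append((ts, name))
    flagged = {}
    for ip, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events older than the window
            if len({n for _, n in events[start:end + 1]}) >= min_distinct:
                flagged[ip] = sorted({n for _, n in events})
                break
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

Counting distinct probe names rather than raw 404s keeps a visitor who repeatedly misses favicon.ico, or who follows a single stale /admin link, out of the block list.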