4

I'm hoping someone can help as I'm a bit of a noob when it comes to apache mod rewrite, and getting this one wrong can screw things up pretty bad.

While going though my security logs I noticed that almost 50% of the attacker bots had the string phpmyadmin (different case, sometimes with version numbers in it). i.e.

hhhh://www.example.com/phpmyadmin/

hhhh://www.example.com/something/phpMyAdmin/

hhhh://www.example.com/something/morestuff/phpMyAdmin/

hhhh://www.example.com/phpMyAdmin-2.11.3/scripts/setup.php

etc. etc. etc.

I'm wondering is there a way I can use mod rewrite to trap all of these and send them to

hhhh://www.example.com/bottrap/index.php

or something similar. (hhhh -> http - spam protection wouldn't allow http)

I figured just for good measure I'd add a deny to all in the robots.txt file and say thanks for the visit by contributing the ip address to the honeypot project.

I can handle the php stuff, but even after reading mod rewrite documentation, I'm still pretty lost. Any help would be much appreciated.

user1887194
  • 45
  • 4

1 Answers1

1

As long as you don't have any legitimate requests for anything containing "phpmyadmin", then you can simply do add this rule near the top of the htaccess file in your document root:

RewriteRule phpbbadmin /bottrap/index.php [L]

Include the R flag if you actually want to redirect the request: [L,R].

I figured just for good measure I'd add a deny to all in the robots.txt file and say thanks for the visit by contributing the ip address to the honeypot project.

I doubt these bots honor the robots.txt file. If anything these are compromised websites or otherwise users unwittingly hosting malicious code either on their websites or home PCs. You can include a DENY From <ipaddress> in the htaccess file if the requests get annoying, but adding them in the robots.txt probably isn't going to do much.

Adding NC makes it pick up case variations.

RewriteRule phpmyadmin /phpmyadmin/index.php [L,NC]
user1887194
  • 45
  • 4
Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • 1
    Thanks for the quick response... The reason for adding to the robots.txt is to bait scumbots. All I have in the bottrap directory is a small php program that adds a deny from x.x.x.x (the ip address of whoever executed the file) to the .htaccess file for the site. I run a local business that only serves a geographic area of about 50 miles or less around me, so blocking out huge areas of the globe (All of Europe/Asia/South America has cut the amount of crap WAY down. Now I just need to cut off the badly behaved VPS/hosting companies that have users that are running scraper/attack bots. – user1887194 Dec 08 '12 at 06:10