Apache phpMyAdmin spam-pot

This is for preventing 404 errors when hackers try to guess your phpMyAdmin setup file location. It is based on the project honey-pot concept. The bot stops searching once it finds the file it's after, which reduces the load on your server (actually this is not strictly true; sometimes they will just search for every directory regardless).

  1. Create a spam-pot PHP page.
  2. Copy the basic folder structure that they search for, e.g. sometimes it's config.php rather than setup.php.
  3. Create a shed load of Apache AliasMatch rules to redirect the various requests to the spam-pot directory.

PHP spam pot

It's just a one-line PHP file.

<?php error_log(sprintf('phpMyAdmin hacking attempt %s %s', $_SERVER['REMOTE_ADDR'], $_SERVER['PHP_SELF']));
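To make use of what the spam-pot logs, the lines can be summarised per client. The following is an added example, not part of the original post: it parses only the `phpMyAdmin hacking attempt %s %s` message defined above, and the log prefix, timestamps and addresses in the sample are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Only the message written by the spam-pot's error_log() call is parsed; the
# prefix Apache/PHP puts in front of it varies by setup and is ignored.
HIT = re.compile(r"phpMyAdmin hacking attempt (\S+) (\S+)")

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
[Tue Mar 05 10:00:01 2024] [error] [client 203.0.113.7] phpMyAdmin hacking attempt 203.0.113.7 /phpmyadmin/scripts/setup.php
[Tue Mar 05 10:00:01 2024] [error] [client 203.0.113.7] phpMyAdmin hacking attempt 203.0.113.7 /pma/scripts/setup.php
[Tue Mar 05 10:00:02 2024] [error] [client 203.0.113.7] phpMyAdmin hacking attempt 203.0.113.7 /mysql/config/config.inc.php
[Tue Mar 05 10:03:40 2024] [error] [client 198.51.100.20] phpMyAdmin hacking attempt 198.51.100.20 /phpMyAdmin/index.php
[Tue Mar 05 10:04:12 2024] [error] [client 192.0.2.9] File does not exist: /var/www/html/favicon.ico
[Tue Mar 05 10:05:00 2024] [error] [client 203.0.113.7] phpMyAdmin hacking attempt 203.0.113.7 /pma/scripts/setup.php
"""


def summarise(log_text, threshold=3):
    """Return {ip: {"hits": n, "paths": [...]}} for clients with >= threshold hits."""
    hits = Counter()
    paths = defaultdict(set)
    for line in log_text.splitlines():
        m = HIT.search(line)
        if not m:
            continue  # not a spam-pot line
        ip, path = m.groups()
        try:
            ipaddress.ip_address(ip)  # skip lines whose address field is malformed
        except ValueError:
            continue
        hits[ip] += 1
        paths[ip].add(path)
    return {ip: {"hits": n, "paths": sorted(paths[ip])}
            for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, info in summarise(SAMPLE_LOG).items():
        print(ip, info["hits"], "hits:", ", ".join(info["paths"]))
```

Clients that cross the threshold are candidates for a firewall or rate-limit rule; the threshold of 3 is an arbitrary choice for the sample.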

Directory structure

  • spam-pot/
    • index.php
    • main.php
    • config/config.inc.php
    • scripts/setup.php

Apache config

Spammers try all sorts of different directory structures. AliasMatch helps with that, but the rules below are still required to capture the final specific directories they try.

AliasMatch ^/.*PMA/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*PMA2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*PMA2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/administrator/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*database/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*database-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databaseadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databasemanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databaseweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/db/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*db-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*myadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysql/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysql-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysqladmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysqlmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*p/m/a/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*php-my-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*php-myadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.6/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.7-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.7/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.7-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-alpha/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-alpha2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-beta2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.1-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmy-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/sql/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sql-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqladmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqlmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqlweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sysadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/web/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*webadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*webdb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*websql/(.*\.php)$ "/var/www/html/spam-pot/$1"
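Before deploying rules like these it helps to check which request paths they actually catch. The following is an added example, not part of the original post: it copies a few of the patterns above and uses Python's `re` as a stand-in for Apache's regex matching (an assumption), taking the first matching rule as Apache does; the request paths are constructed.

```python
import re

POT_DIR = "/var/www/html/spam-pot/"
# Files listed under "Directory structure" above.
POT_FILES = {"index.php", "main.php", "config/config.inc.php", "scripts/setup.php"}
# A subset of the AliasMatch patterns above, copied verbatim.
RULES = [
    r"^/.*pma/(.*\.php)$",
    r"^/.*database/(.*\.php)$",
    r"^/.*phpMyAdmin/(.*\.php)$",
    r"^/.*phpmyadmin/(.*\.php)$",
    r"^/.*/db/(.*\.php)$",
]


def resolve(url_path):
    """Return (pattern, target_file, exists_in_pot) for the first matching
    rule, or None when no rule matches and the request is served normally."""
    for pattern in RULES:
        m = re.match(pattern, url_path)
        if m:
            rel = m.group(1)  # $1 may include sub-directories
            return pattern, POT_DIR + rel, rel in POT_FILES
    return None


# Constructed request paths and what each one demonstrates.
SAMPLES = [
    "/phpmyadmin/scripts/setup.php",  # caught and logged
    "/old/site/pma/index.php",        # leading .* absorbs parent directories
    "/phpMyAdmin/setup.php",          # matched, but no such file in the pot: still a 404
    "/PhpMyAdmin/index.php",          # patterns are case-sensitive: not matched
    "/db/index.php",                  # ^/.*/db/ needs a parent directory: not matched
    "/shop/database/export.php",      # a real application path would be diverted too
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, "->", resolve(path))
```

Two things to check against your own site: rules written as `^/.*/name/` do not match a top-level `/name/` request, and broad names such as `database` or `web` also capture legitimate application paths that end in that directory name.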


3 thoughts on “Apache phpMyAdmin spam-pot”

  1. GMR says:

    Smart idea. A sweet, working and easy solution for an annoying thing.
    I was always annoyed by those stupid scans even though my server is pretty secure if it’s about accessing adminsites over the internet but never knew how to prevent those scans with redirects (you never know how secure your server really is) and stuff like that and tutorials etc are insufficient here in my eyes, so thanks a lot for this! :]
