Hello all,
Yesterday evening, in about 2 minutes time, I received more than 60 'page not found' errors in my error log from a 'visitor' at 203.122.58.78. Each of the page not found pages were some combination of ..../admin/.../main.php From the pattern, it looked like someone's attempt to access my PhpMyAdmin page.
Aside from the 'page not found' errors, i cannot tell that anything is wrong with my site...I'd just like to know what the heck is going on, or what may have happened, or what I can do to make sure my site is secure. Strange thing is, its not even live yet. Why would anyone want to access my phpmyadmin page??
Another question - are there tools to track IP addresses like this to find out if they're good or bad in any way?
I'm new at this whole game. I realize playing defense is something I'll need to learn at some point...just wasnt prepared to deal with it now.
Thanks,
Kelly
Comments
Partial answer
I can't answer all your questions, but Drupal can ban select IP addresses.
Either go to Admin > Users > Rules and click "add rule" -- then set a "deny" rule for "host" using the above IP. Doing so will reject any Drupal page requests made from that IP.
Or, if you have logging turned on, you can often go to Admin > Logs > Visitors and ban selected IPs that way. (This is just an easier way to do the above.)
--
http://ken.therickards.com