Ian Channing

It's pixels, all the way down

Apache phpMyAdmin spam-pot

This is for preventing 404 errors when hackers try to guess your phpmyadmin setup file location. This is based off the project honey-pot concept. The bot stops searching once it finds a file its after and thus reduces the load on your server (actually this is not strictly true, sometimes they will just search for every directory regardless).

  1. Created a spam-pot php page.
  2. Copy the basic folder structure that they search for e.g. sometimes its config.php rather than setup.php
  3. Create a shed load of Apache AliasMatch rules to redirect the various requests to the spam-pot directory

PHP spam pot

Its just a one line php file.

error_log(sprintf('phpMyAdmin hacking attempt %s %s', $_SERVER['REMOTE_ADDR'], $_SERVER['PHP_SELF']));

Directory structure

  • spam-pot/
    • index.php
    • main.php
    • config/config.inc.php
    • scripts/setup.php

Apache config

Spammers try all sorts of different directory structures, AliasMatch helps with that, but then the below is required to capture the final specific directories they try.

AliasMatch ^/.*PMA/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*PMA2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*PMA2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/administrator/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*database/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*database-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databaseadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databasemanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*databaseweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/db/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*db-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*dbweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*myadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysql/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysql-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysqladmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*mysqlmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*p/m/a/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pMA2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*php-my-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*php-myadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.6/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.2\.7-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.5-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.6-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.7/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.5\.7-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-alpha/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-alpha2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-beta2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.0-rc3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.1-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.2-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.3-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-pl4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.6\.4-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-pl1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-pl2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.7\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-beta1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0-rc2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.3/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.0\.4/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.1-rc1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin-2\.8\.2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpMyAdmin2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmy-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin1/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*phpmyadmin2/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma2005/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*pma2006/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/sql/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sql-admin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqladmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqlmanager/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sqlweb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*sysadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*/web/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*webadmin/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*webdb/(.*\.php)$ "/var/www/html/spam-pot/$1"
AliasMatch ^/.*websql/(.*\.php)$ "/var/www/html/spam-pot/$1"

Ian Channing

3 responses to “Apache phpMyAdmin spam-pot”

  1. GMR avatar
    GMR

    Smart idea. A sweet, working and easy solution for an annoying thing.
    I was always annoyed by those stupid scans even though my server is pretty secure if it’s about accessing adminsites over the internet but never knew how to prevent those scans with redirects (you never know how secure your server really is) and stuff like that and tutorials etc are insufficient here in my eyes, so thanks a lot for this! :]

    Like

    Reply
    1. ianchanning avatar
      ianchanning

      Thanks @GMR, glad it was a help 🙂

      Like

      Reply
  2. phpMyAdmin setup not password protected; getting hit a lot by hackers – Just just easy answers

    […] the below code (over 100 different combinations that were used – I put these up separately in post on my blog so as not to flood this page) which redirects the various requests to the spam-pot […]

    Like

    Reply

Leave a reply to phpMyAdmin setup not password protected; getting hit a lot by hackers – Just just easy answers Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.