Over the last day we have had a decent number of alerts about machines on our networks running scans. All of them have been running hacks from /tmp with names like /tmp/dd_ssh. These files are owned and run by the apache user, and on further investigation all of them were put there through an old PHPMyAdmin install.
If you run something like PHPMyAdmin then this is the time to upgrade it. If you get stuck or are unsure in any way then we are happy to help out.
It always pays to keep your system up to date to prevent excessive traffic or downtime.
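To check a machine for the pattern described above, the following added example (not part of the original post) lists files under a directory owned by the web server account and that account's processes whose binary lives there. It assumes a Linux host with /proc and GNU `stat`; the function names are hypothetical, and the account name `apache` is taken from the post.

```shell
#!/bin/sh
# Added example: triage for web-server-owned files and processes under /tmp.
# Assumptions: Linux /proc, GNU stat; account "apache" as named in the post.

# Print every regular file under DIR owned by USER (name or numeric uid).
owned_files() {
    dir=$1; user=$2
    find "$dir" -xdev -type f -user "$user" -print 2>/dev/null
}

# Print "PID EXE" for each process owned by USER whose executable is under DIR.
# A binary deleted after launch shows as "/tmp/name (deleted)" and still matches.
procs_running_from() {
    dir=$1; user=$2
    for p in /proc/[0-9]*; do
        owner=$(stat -c '%U %u' "$p" 2>/dev/null) || continue
        case " $owner " in *" $user "*) ;; *) continue ;; esac
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        case $exe in "$dir"/*) echo "${p#/proc/} $exe" ;; esac
    done
}

# Run as root so every process's exe link is readable:
#   sh tmpcheck.sh scan [user] [dir]
if [ "${1:-}" = "scan" ]; then
    user=${2:-apache}; dir=${3:-/tmp}
    echo "== files under $dir owned by $user =="
    owned_files "$dir" "$user" | while IFS= read -r f; do ls -l "$f"; done
    echo "== processes of $user running from $dir =="
    procs_running_from "$dir" "$user"
fi
```

Any hit is worth a look: the web server account has little reason to own executables in /tmp, and none to run them.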
2 responses to “Old versions of PHPMyAdmin and Automated Scanning”
Liz, Thanks for the reminder to keep everything upgraded.
I came across this forum post that suggested disabling the phpmyadmin folder with chmod. Seems like a quick and easy way to enable and disable it so it can be open only when needed.
Posting the link here in case it is helpful:
http://www.directadmin.com/forum/showthread.php?t=23890
Good idea. It also pays to change your authentication to HTTP versus cookie based so it pops up a login. This also prevents you from being logged out as often and helps hide versions and other information that could result in an exploit.