Forum Topic: people looking for /scripts and /phpmyadmin

Forum: .htaccess Forum : General • Posted by RememberToForget • Updated:

They also look for /wp-content, /wp-admin, etc.

First of all, sometimes the phpmyadmin request has a referer: my own site, with a long, nasty-looking URL (i.e., http://site.com/phpmyadmin/www.phpmyadmin.com/phpmyadmin or something to that effect). I googled "spoof referer" and saw that people can easily do this, but still I have no idea if that's really the case.

With their looking for /wp-whatever, the answer is pretty obvious, i.e., someone is looking for a vulnerability. Funny, thus far all confusing/questionable people seem to be in France or Russia based on ip lookups.

The /scripts search is interesting, I've tried googling about this but haven't found anything yet. Are they looking for free JS plugins or what? :)

Anyway I haven't done anything yet because I really need to just re-read the book from cover to cover again. I don't want to make dumb newbie mistakes that send out all these "come and get me" vibes.

1 Reply to “people looking for /scripts and /phpmyadmin”

Jeff Starr
Posted by Jeff Starr

Yes it's trivial to spoof the referrer, user agent, and other details of the request. This is why it's optimal to filter based activity rather than identity.

/scripts is just another string to check that they've added to the scans.. it may be a first step in some exploit, or it could reveal other available locations to scan, and so forth. There is a bottomless supply of such odd requests, and most are safely ignored as they pose no real threat (other than wasting resources and being a nuisance in general).

I'm thinking that scripts directory is checked to see if views are enabled; if so, chances are it will be investigated further.. The question is do you bother blocking such odd requests, or let the server respond with a simple 404 Not Found?