How to thwart the “GET /phpMyAdmin/scripts/setup.php ” or “POST /phpMyAdmin/scripts/setup.php ” attack

I usually don’t post highly technical stuff on my blog but this one was entertaining in a geek sort of way. I was tired of seeing script kiddies try this brute force attack on my server. I googled the heck out of it and tried some of the suggestions but nothing was working so I engineered my own fix. Here it is.

rename the /usr/share/phpMyAdmin/scripts/setup.php script to something else. Replace it with the following code:


Create a file in that directory called stopit.html with the following code:

    <TITLE>Stop It!</TITLE> 
<H1 ALIGN=CENTER>Stop It!</H1> 
   <IMG SRC="stopit.jpg">

Here is my stopit.jpg


Leave a Reply

Your email address will not be published. Required fields are marked *