1

Ban all IPs that attempted to access phpmyadmin on your site

 $ grep "phpmyadmin" $path_to_access.log | grep -Po "^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}" | sort | uniq | xargs -I% sudo iptables -A INPUT -s % -j DROP 

— by openiduser187 on April 2, 2015, 8:58 a.m.

Explanation

Cheap security bash one-liner to ban all IPs that are probably doing automated attacks.

Make sure your IP isn't listed before piping through iptables drop!!

  1. This will first find all lines in $path_to_access.log that have phpmyadmin in them,

  2. then grep out the ip address from the start of the line,

  3. then sort and unique them,

  4. then add a rule to drop them in iptables

Again, just edit in echo % at the end instead of the iptables command to make sure your IP isn't in there. Don't inadvertently ban your access to the server!

Limitations

You may need to change the grep part of the command if you're on mac or any system that doesn't have grep -P. I'm not sure if all systems start with xargs, so that might need to be installed too. It's super useful anyway if you do a lot of bash.