How to process hacking attempts?

I quite frequently see log entries like this:

    Processing MenuController#menu (for 81.18.246.182 at 2010-09-29 21:06:22) [GET]
      Parameters: {"anything"=>["phpMyAdmin", "config", "config.inc.php"], "p"=>"phpinfo()"}
    Redirected to http://85.214.197.248/authentication/login
    Filter chain halted as [#<Proc:0xb74c7784@/home/xxx/yyy.de/releases/20100929164559/vendor/rails/actionpack/lib/action_controller/verification.rb:82>] rendered_or_redirected.
    Completed in 1ms (DB: 0) | 302 Found [http://85.214.197.248/phpMyAdmin/config/config.inc.php?p=phpinfo();]

Obviously these guys try to find some weakness in my server. They very
often retry a list of login attempts to get some successful login
sending Parameters like this:
{"anything"=>["phpMyAdmin"]}
{"anything"=>["phpmyadmin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["pma","config","config.inc.php"], "p"=>"phpinfo()"}
{"anything"=>["admin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["dbadmin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["mysql","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["php-my-admin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["myadmin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["PHPMYADMIN","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["phpMyAdmin","config","config.inc.php"],"p"=>"phpinfo()"}
{"anything"=>["p","m","a","config","config.inc.php"],"p"=>"phpinfo()"}

What's the best way to process these hacking attempts?

If it’s from a consistent set of IP addresses, you can ban them.
Not a full solution obviously, but a good first step.
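
Whether the probes come from a consistent set of addresses can be read straight from the production log. The following Ruby script is an added example, not code from anyone in this thread; the sample log is constructed in the format quoted in the question, and the host name, addresses and the `probes_by_ip` and `probe_path?` helpers are assumptions made for illustration.

```ruby
# Added example: tally PHP-admin probes per source IP from a Rails 2.x log.
# Assumes one process writes the log, so each "Completed" line belongs to
# the "Processing" line before it. SAMPLE_LOG is constructed (RFC 5737
# documentation addresses, placeholder host app.example).
SAMPLE_LOG = <<~LOG
  Processing MenuController#menu (for 192.0.2.10 at 2010-09-29 21:06:22) [GET]
    Parameters: {"anything"=>["phpMyAdmin", "config", "config.inc.php"], "p"=>"phpinfo()"}
  Completed in 1ms (DB: 0) | 302 Found [http://app.example/phpMyAdmin/config/config.inc.php?p=phpinfo();]
  Processing MenuController#menu (for 192.0.2.10 at 2010-09-29 21:06:23) [GET]
  Completed in 1ms (DB: 0) | 302 Found [http://app.example/p/m/a/config/config.inc.php?p=phpinfo();]
  Processing MenuController#menu (for 198.51.100.7 at 2010-09-29 21:07:01) [GET]
  Completed in 1ms (DB: 0) | 302 Found [http://app.example/php-my-admin/config/config.inc.php?p=phpinfo();]
  Processing MenuController#show (for 203.0.113.5 at 2010-09-29 21:07:30) [GET]
  Completed in 12ms (View: 5, DB: 2) | 200 OK [http://app.example/menu/12]
  Processing MenuController#menu (for 198.51.100.7 at 2010-09-29 21:08:02) [GET]
  Completed in 1ms (DB: 0) | 302 Found [http://app.example/phpMyAdmin]
LOG

PROCESSING = /^Processing \S+ \(for (\S+) at [^)]+\) \[\w+\]/
COMPLETED  = /^Completed in .*\| \d{3} .*\[(\S+)\]\s*$/
# Directory names taken from the probes quoted in the question, lowercased
# with punctuation removed ("php-my-admin" and "p/m/a" collapse to these).
PROBE_PREFIXES = %w[phpmyadmin pma dbadmin myadmin mysql].freeze

# Heuristic: a Rails app serves no .php files, so any such path is a probe.
def probe_path?(path)
  squashed = path.downcase.gsub(/[^a-z0-9]/, "")
  path.downcase.end_with?(".php") || PROBE_PREFIXES.any? { |n| squashed.start_with?(n) }
end

# Returns { ip => [probed paths] } for every request that looks like a probe.
def probes_by_ip(log)
  hits = Hash.new { |hash, ip| hash[ip] = [] }
  current_ip = nil
  log.each_line do |line|
    if (m = PROCESSING.match(line))
      current_ip = m[1]
    elsif current_ip && (m = COMPLETED.match(line))
      path = m[1][%r{\Ahttps?://[^/]+([^?]*)}, 1].to_s
      hits[current_ip] << path if probe_path?(path)
      current_ip = nil
    end
  end
  hits
end

probes_by_ip(SAMPLE_LOG).sort_by { |_, paths| -paths.size }.each do |ip, paths|
  puts "#{ip}: #{paths.size} probe(s), e.g. #{paths.first}"
end
```

A long tail of addresses with a handful of probes each points to distributed scanning, where per-address bans achieve little; a few addresses with many probes are candidates for a firewall rule.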


No, I tested 3 IP addresses: Russia, USA, Netherlands.

It is not wise to simply ban the IPs, because this can be simple
botnet scanning. So real users are not even aware of what's going on.

You can try to block this kind of request on the web server before it
goes to the Rails stack, like this (nginx):

    location ~ \.php$ {
        deny all;
    }

I guess, I simply should send a 404.

Since my server needs to be accessible from a quite small region and I'm
uninterested in getting it indexed by search engines, it would be
possible to reject any request that comes from outside the region.

How to programmatically get the origin of an IP address?

I wouldn't bother doing that from Rails. That'd be easier to set up either at the firewall or web server level.
Would use a lot less resources.

Simon

That's also not very wise, since I occasionally use phpmyadmin myself.
(In normal mode, it is stopped and a cronjob stops it automatically every
night for security.)

Fritz Trapper wrote in post #973449:

That's also not very wise, since I occasionally use phpmyadmin myself.
(In normal mode, it is stopped and a cronjob stops it automatically
every night for security.)

That's not wise at all. PhpMyAdmin has known security holes, and there
are better MySQL admin tools available anyway.

Best,

And what about webmin?

Please quote when replying.

Fritz Trapper wrote in post #973537:

And what about webmin?

What about it?

Best,