I'm getting 1000s of lines in my log file from script kiddies who are trying to find phpMyAdmin on my server, all with the user agent "ZmEu". For example:
67.215.12.138 - - [27/Sep/2010:07:56:31 +0100] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.0.2/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.0.3/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.1-rc1/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:33 +0100] "GET /sqlmanager/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:33 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
I don't use phpMyAdmin, so I'm not worried, but it is really annoying.
Can anyone tell me if I can add something to my config file in sites-available to detect the HTTP_USER_AGENT and redirect to an abuse page?
I basically want to achieve the same thing as this article does with Apache's mod_rewrite: http://www.philriesch.com/articles/2010/07/getting-a-little-sick-of-zmeu/
Any help or advice much appreciated,
Simon
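
An added example, not part of the original post: a Python sketch that parses combined-format access log lines like those above, groups requests carrying the "ZmEu" user agent by client IP, and reports whether any probe received a 2xx response (meaning a probed path actually exists). The sample log is constructed from three of the lines above plus one made-up ordinary request from 192.0.2.10; the function names are hypothetical.

```python
import re
from collections import Counter

# Combined log format:
# ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample: three lines from the post plus one made-up normal request.
SAMPLE_LOG = """\
67.215.12.138 - - [27/Sep/2010:07:56:31 +0100] "GET /phpMyAdmin-2.8.0.1/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:32 +0100] "GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
67.215.12.138 - - [27/Sep/2010:07:56:33 +0100] "GET /mysqlmanager/scripts/setup.php HTTP/1.1" 301 185 "-" "ZmEu"
192.0.2.10 - - [27/Sep/2010:07:57:01 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def summarize_scanner_hits(log_text, agent="ZmEu"):
    """Group requests whose user agent equals `agent` by client IP."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group("agent") != agent:
            continue  # unparseable line or a different client
        entry = summary.setdefault(m.group("ip"), {
            "hits": 0, "paths": set(), "statuses": Counter(),
            "first": m.group("time"), "last": None,
        })
        entry["hits"] += 1
        entry["paths"].add(m.group("path"))
        entry["statuses"][m.group("status")] += 1
        entry["last"] = m.group("time")  # log lines are in time order
    return summary


def probes_answered_ok(summary):
    """IPs for which at least one probe got a 2xx response."""
    return sorted(ip for ip, e in summary.items()
                  if any(code.startswith("2") for code in e["statuses"]))


if __name__ == "__main__":
    report = summarize_scanner_hits(SAMPLE_LOG)
    for ip, e in report.items():
        print(ip, e["hits"], "hits,", len(e["paths"]), "paths,",
              dict(e["statuses"]), e["first"], "->", e["last"])
    print("probes answered with 2xx:", probes_answered_ok(report))
```

The user-agent string is chosen by the client, so a match on "ZmEu" identifies only scanners that do not change it.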