read_dump.php attack

Hi there! Someone attack the server via this phpmyadmin file.
I really don't know exactly how to prevent this attack. When it run that process consume my cpu/ram and finally server crash.

I have php compiled with --enable-memory-limit. It doesnt matter, I think, but there is also enabled Zend Optimizer, php ea.

On php.ini I have
max_execution_time = 20
max_input_time = 30
memory_limit = 4M

I blocked ip but later attacker use other ip and this is unuseful.
Now, as a temporary solution, I changed prm to run every 2 minutes and I added a rule to mod_security to block this file.
Everything working perfect.

But it is a temporary solution as few users already send me complaints about this, they can't work on db and so on.

Someone have an idea?

 

 

 

 

Top