
Author Topic: ET SCAN ZmEu Scanner User-Agent Inbound  (Read 1380 times)


nidhinjo

  • Guest
ET SCAN ZmEu Scanner User-Agent Inbound
« on: May 26, 2018, 10:11:15 pm »
ZmEu

ZmEu is a computer vulnerability scanner which searches for web servers that are open to attack through the phpMyAdmin program. It also attempts to guess SSH passwords through brute-force methods, and leaves a persistent backdoor. ZmEu is a bot that tries to find vulnerabilities in phpMyAdmin (it usually looks for the phpmyadmin/scripts/setup.php file) and other web applications. ZmEu appears to be a security tool used for discovering security holes in version 2.x.x of phpMyAdmin, a web-based MySQL database manager.

phpMyAdmin

phpMyAdmin is a free and open source administration tool for MySQL and MariaDB. As a portable web application written primarily in PHP, it has become one of the most popular MySQL administration tools, especially for web hosting services.

The ZmEu attack can expose any web server that runs PHP applications. This can lead to information disclosure: remote attackers can gain sensitive information from vulnerable systems.

In this attack, the attacker first tries to find out whether phpMyAdmin is present on the server. Once he has located phpMyAdmin on the server, he tries to find a security hole that lets him get into the site. We can consider this a major attack, because the attacker can exploit MySQL and the entire database, and can also obtain sensitive credential details from the site.

Prevention

1) Upgrade the related PHP applications to the latest version.

2) Block all the suspicious IPs. This will not block the attacks, as attackers use different IPs each time. But I think it’s a good practice to block requests coming from zombies in case more malicious attacks, and maybe more dangerous than ZmEu, are coming from there in the future. You can use iptables to block these addresses:

3) Install ModSecurity. It is an open source web application firewall that will help you secure your Apache web server. With this Apache module you’ll be able to block almost any attack.

4) Every attack of this kind has a performance cost, as a 404 error page must be generated and served. You can create an antibot.php file.

5) Add security rules to your .htaccess file in the web root directory. If you don’t have one, just create it. Remember you must have mod_rewrite installed and loaded.

6) iptables rule: add ZmEu to iptables so that it is blocked.
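
Before adding block rules, it helps to see what the scanner actually left in the access log. The script below is an added example, not part of the original post: it parses Apache combined-format log lines and flags requests that carry the ZmEu User-Agent or request the scripts/setup.php path mentioned above. The function names, reason labels and sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
# The post names phpmyadmin/scripts/setup.php; match the tail case-insensitively
# so differently cased or renamed install directories are still caught.
PROBE_RE = re.compile(r'/scripts/setup\.php', re.IGNORECASE)

def classify(line):
    """Return (ip, reasons) for a parsable log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    reasons = []
    if 'zmeu' in m['ua'].lower():
        reasons.append('zmeu-user-agent')
    if PROBE_RE.search(m['path']):
        reasons.append('setup.php-probe')
    return m['ip'], reasons

def summarize(lines):
    """Map each flagged source IP to a count of the reasons it was flagged."""
    hits = defaultdict(Counter)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits[parsed[0]].update(parsed[1])
    return {ip: dict(counts) for ip, counts in hits.items()}

# Constructed sample lines (documentation-range IPs), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/May/2018:22:01:02 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 209 "-" "ZmEu"',
    '192.0.2.10 - - [26/May/2018:22:01:03 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 209 "-" "ZmEu"',
    '198.51.100.7 - - [26/May/2018:22:05:40 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [26/May/2018:22:06:11 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/May/2018:22:07:00 +0000] "-" 408 - "-" "-"',
]

if __name__ == "__main__":
    for ip, reasons in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, reasons)
```

The third sample line shows why the path check is kept alongside the User-Agent check: the User-Agent header is set by the client, so a probe for setup.php can arrive under any browser string.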