Apparent attack on MySQL database

Recently, there seems to be an attack on my site from IP 70.86.27.154 and here are the 404 errors generated by the scumbag:

/typo3/phpmyadmin/scripts/setup.php
/mysqladmin/scripts/setup.php
/myadmin/scripts/setup.php
/mysql/scripts/setup.php
/db/scripts/setup.php
/scripts/setup.php
/dbadmin/scripts/setup.php
/phpadmin/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/pma/scripts/setup.php
/phpmyadmin2/scripts/setup.php
/phpmyadmin1/scripts/setup.php
/phpmyadmin/scripts/setup.php
/php-my-admin/scripts/setup.php
/xampp/phpmyadmin/scripts/setup.php
/web/phpMyAdmin/scripts/setup.php
/websql/scripts/setup.php
/phpMyAdmin-2/scripts/setup.php
/phpMyAdmin-2.5.5-rc1/scripts/setup.php
/phpMyAdmin-2.5.4/scripts/setup.php
/phpMyAdmin-2.5.6-rc1/scripts/setup.php
/phpMyAdmin-2.5.5/scripts/setup.php
/phpMyAdmin-2.2.3/scripts/setup.php
/phpMyAdmin-2.6.0-alpha/scripts/setup.php
/phpMyAdmin-2.6.0-rc3/scripts/setup.php
/phpMyAdmin-2.6.0-pl1/scripts/setup.php
/phpMyAdmin-2.6.0-pl3/scripts/setup.php
/phpMyAdmin-2.6.1-rc1/scripts/setup.php
/phpMyAdmin-2.6.1-pl2/scripts/setup.php
/phpMyAdmin-2.6.3/scripts/setup.php
/phpMyAdmin-2.6.1-pl1/scripts/setup.php
/phpMyAdmin-2.6.2-pl1/scripts/setup.php
/phpMyAdmin-2.6.2-rc1/scripts/setup.php
/phpMyAdmin-2.6.1-rc2/scripts/setup.php
/phpMyAdmin-2.6.2-rc1/scripts/setup.php
/phpMyAdmin-2.6.2-beta1/scripts/setup.php
/phpMyAdmin-2.6.4-pl2/scripts/setup.php
/phpMyAdmin-2.6.3-pl1/scripts/setup.php
/phpMyAdmin-2.6.3-rc1/scripts/setup.php
/phpMyAdmin-2.6.4-rc1/scripts/setup.php
/phpMyAdmin-2.7.0-rc1/scripts/setup.php
/phpMyAdmin-2.6.4-pl3/scripts/setup.php
/phpMyAdmin-2.8.0-rc1/scripts/setup.php
/phpMyAdmin-2.6.4-pl4/scripts/setup.php
/phpMyAdmin-2.7.0-pl2/scripts/setup.php
/phpMyAdmin-2.8.0/scripts/setup.php
/phpMyAdmin-2.8.0.2/scripts/setup.php
/phpMyAdmin-2.8.2/scripts/setup.php
/phpMyAdmin-2.8.0.3/scripts/setup.php
/phpMyAdmin-2.8.0.4/scripts/setup.php
/phpmanager/scripts/setup.php
/sqlmanager/scripts/setup.php
/phpMyAdmin-2.8.1/scripts/setup.php
/phpMyAdmin-2.8.1-rc1/scripts/setup.php
/pma2005/scripts/setup.php
/PMA2005/scripts/setup.php
/phpmy-admin/scripts/setup.php
/webadmin/scripts/setup.php
/websql/scripts/setup.php
/mysql-admin/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/web/scripts/setup.php
/phpMyAdmin-2.2.6/scripts/setup.php
/php-my-admin/scripts/setup.php
/phpMyAdmin-2.5.1/scripts/setup.php
/phpmyadmin/scripts/setup.php
/phpMyAdmin-2.5.5-pl1/scripts/setup.php
/phpMyAdmin-2.5.5-rc2/scripts/setup.php
/phpMyAdmin-2.5.6/scripts/setup.php
/phpMyAdmin-2.5.6-rc2/scripts/setup.php
/phpMyAdmin-2.5.7/scripts/setup.php
/phpMyAdmin-2.5.7-pl1/scripts/setup.php
/phpMyAdmin-2.6.0-alpha2/scripts/setup.php
/phpMyAdmin-2.6.0-rc2/scripts/setup.php
/phpMyAdmin-2.6.0-rc1/scripts/setup.php
/phpMyAdmin-2.6.0-beta1/scripts/setup.php
/phpMyAdmin-2.6.0-beta2/scripts/setup.php
/phpMyAdmin-2.6.1-pl3/scripts/setup.php
/phpMyAdmin-2.6.0-pl2/scripts/setup.php
/phpMyAdmin-2.6.0/scripts/setup.php
/phpMyAdmin-2.6.1/scripts/setup.php
/phpMyAdmin-2.6.2/scripts/setup.php
/phpMyAdmin-2.6.4-pl1/scripts/setup.php
/phpMyAdmin-2.7.0-beta1/scripts/setup.php
/phpMyAdmin-2.6.3/scripts/setup.php
/phpMyAdmin-2.7.0/scripts/setup.php
/phpMyAdmin-2.7.0-pl1/scripts/setup.php
/phpMyAdmin-2.6.4/scripts/setup.php
/phpMyAdmin-2.8.0-rc2/scripts/setup.php
/phpMyAdmin-2.8.0-beta1/scripts/setup.php
/phpMyAdmin-2.8.0.1/scripts/setup.php
/p/m/a/scripts/setup.php
/mysqlmanager/scripts/setup.php
/webdb/scripts/setup.php
/mysqladmin/scripts/setup.php
/php-myadmin/scripts/setup.php
/sqlweb/scripts/setup.php

Here is the full transcript of an example 404 message I got:

Time of the error: January 26 07:18pm
browser: ZmEu
Page Requested: /web/scripts/setup.php
Referer:
IP Address: 70.86.27.154
Hostname: img329.imageshack.us

Could DreamHost ban the IP address from all their hosted sites?

The IP address is owned by ThePlanet.com and is associated with a site called comportco.com which is a company that provides software related to petroleum engineering. It is possible that his site was hacked and then used as a jump off point for additional attacks on your site and others. I would notify ThePlanet.com of the situation at abuse@theplanet.com (see the whois info posted below.) You might also consider sending an email to the owner of the site at wfair@comportco.com since he may be unaware that he could potentially be a victim.

Whois record:

[Querying whois.arin.net]
[Redirected to rwhois.theplanet.com:4321]
[Querying rwhois.theplanet.com]
[rwhois.theplanet.com]
%rwhois V-1.5:003eff:00 whois.theplanet.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-THEPLANET-BLK-13
network:Auth-Area:70.84.0.0/14
network:Network-Name:TPIS-BLK-70-86-27-0
network:IP-Network:70.86.27.152/29
network:IP-Network-Block:70.86.27.152 - 70.86.27.159
network:Organization-Name:comportco.com
network:Organization-City:Houston
network:Organization-State:TX
network:Organization-Zip:77034
network:Organization-Country:USA
network:Description-Usage:customer
network:Server-Pri:ns1.theplanet.com
network:Server-Sec:ns2.theplanet.com
network:Tech-Contact;I:abuse@theplanet.com
network:Admin-Contact;I:abuse@theplanet.com
network:Created:20100828
network:Updated:20110126

Mark

Today my site was attacked IP 70.86.27.154. I’ve blocked it, of course. And strange why owners of THEPLANET.COM continue it?

That IP address tried attacking one of my Drupal sites on Monday night