Weird Unauthorized Access Attempt to MYSQL

A while back I banned a couple of Taiwanese IP blocks off my domain where I run WordPress. Today I caught the same IPs just going directly for MYSQL. WTH is that about? The table they tried to access doesn’t exist. I do use BadBehavior plug-in which has caught them before; I just put the IP block into htaccess.

Obviously they couldn’t access the database, but I wonder if anyone has seen this and what’s going on there. It’s a URL only a handful of people have yet I kept seeing them hit it even after it moved - they magically just followed with a weird user agent, acting like a bot, from China. It’s just so bizarre. I don’t think this visitor has actually ever done anything, aside from act weird, maybe some comment spam in the past, but these IPs have been banned for so long I don’t even remember if they actually attempted to spam or I just banned them because they were suspicious and from China.

- - [26/Sep/2006:15:34:24 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "MVAClient"
- - [26/Sep/2006:15:34:24 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "MVAClient"
- - [26/Sep/2006:15:34:27 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "-"
- - [26/Sep/2006:15:34:29 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "-"

I think they’re just randomly guessing at subdomains there, but I could be wrong. Either way, I’ve done a bit of research on MVAClient in the past, and it is actually a bot, though at the time that bot’s intentions were unclear. I just banned the IP range it came from anyway.
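An added example, not part of either post: a small detector for the pattern in the log excerpt above, repeated 401 responses on the `/dh_phpmyadmin/` path from one client, with the user agents it presented. The client addresses (RFC 5737 documentation ranges), the extra sample lines, the function name and the threshold and window defaults are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, as in the excerpt quoted in the thread.
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')

# Constructed sample: the thread's log has its client addresses stripped, so
# RFC 5737 documentation addresses stand in for them here.
SAMPLE_LOG = '''\
203.0.113.7 - - [26/Sep/2006:15:34:24 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "MVAClient"
203.0.113.7 - - [26/Sep/2006:15:34:24 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "MVAClient"
203.0.113.7 - - [26/Sep/2006:15:34:27 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "-"
203.0.113.7 - - [26/Sep/2006:15:34:29 -0700] "GET /dh_phpmyadmin/ HTTP/1.0" 401 1031 "-" "-"
198.51.100.20 - - [26/Sep/2006:15:40:02 -0700] "GET /dh_phpmyadmin/ HTTP/1.1" 401 1031 "-" "Mozilla/5.0"
198.51.100.20 - - [26/Sep/2006:15:40:09 -0700] "GET /dh_phpmyadmin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.33 - - [26/Sep/2006:15:41:00 -0700] "GET /index.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
'''

def find_auth_probes(log_text, prefix="/dh_phpmyadmin", threshold=3,
                     window=timedelta(seconds=60)):
    """Return {client: {"hits": n, "agents": set}} for clients with at least
    `threshold` 401/403 responses under `prefix` inside one sliding `window`."""
    denied = defaultdict(list)          # client -> [(timestamp, user agent)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue
        if m["status"] in ("401", "403"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            denied[m["host"]].append((ts, m["agent"]))
    flagged = {}
    for host, events in denied.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = {"hits": len(events),
                                 "agents": {a for _, a in events}}
                break
    return flagged

if __name__ == "__main__":
    for host, info in find_auth_probes(SAMPLE_LOG).items():
        print(host, info["hits"], sorted(info["agents"]))
```

A client that fails once and then authenticates, like the second address in the sample, stays below the threshold and is not flagged.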

