This was a little more overt and quite frankly faster than I expected. They were nice enough to sign it though.
[Sun Sep 18 08:09:48 2011] [error] [client 210.71.198.186] Â File does not exist: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:) [Sun Sep 18 08:09:49 2011] [error] [client 210.71.198.186] Â File does not exist: /var/www/phpMyAdmin [Sun Sep 18 08:09:50 2011] [error] [client 210.71.198.186] Â File does not exist: /usr/share/phpmyadmin/scripts [Sun Sep 18 08:09:50 2011] [error] [client 210.71.198.186] Â File does not exist: /var/www/pma [Sun Sep 18 08:09:51 2011] [error] [client 210.71.198.186] Â File does not exist: /var/www/myadmin [Sun Sep 18 08:09:52 2011] [error] [client 210.71.198.186] Â File does not exist: /var/www/MyAdmin
Well, the script was written by Romanians (according to a quick search). The list of attempted hacks seems remarkably short for a brute force scripted attack. Just for the record, the whois owner of that address is currently:
Taiwan Taipei Chtd Chunghwa Telecom Co. Ltd
although, as I know far too well now for all the wrong reasons, the whois data isn’t always useful, helpful or correct.