The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
Everybody is probing everything. :)
Moving the directory name might break software updates (if installed via yum)!
EPEL phpMyAdmin comes with a config file in /etc/httpd/conf.d, you can allow/deny stuff there. Also enabling HTTP auth in phpMyAdmin might help, too if you use strong passwords.
On Wed, Apr 17, 2013 at 12:01 PM, Nux! nux@li.nux.ro wrote:
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
Everybody is probing everything. :)
Moving the directory name might break software updates (if installed via yum)!
EPEL phpMyAdmin comes with a config file in /etc/httpd/conf.d, you can allow/deny stuff there. Also enabling HTTP auth in phpMyAdmin might help, too if you use strong passwords.
Or set Apache ACLs in the vhost config. Or set iptables firewall rules.
Excluding Asia won't work for all or global companies, but works fine for others.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
SilverTip257 wrote:
On Wed, Apr 17, 2013 at 12:01 PM, Nux! nux@li.nux.ro wrote:
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Everybody is probing everything. :)
<snip>
Excluding Asia won't work for all or global companies, but works fine for others.
Yup. Just "Asia" is silly - I see them all the time, and it's not just China and Korea, but those real nasties in Brazil, and the Netherlands, and Russia, and some Germans, and occasional the Brits... and, of course, let's not forget all those nasty evil scum trying to break in... from the US.
mark
On Wed, Apr 17, 2013 at 12:48 PM, m.roth@5-cent.us wrote:
SilverTip257 wrote:
On Wed, Apr 17, 2013 at 12:01 PM, Nux! nux@li.nux.ro wrote:
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Everybody is probing everything. :)
<snip> > Excluding Asia won't work for all or global companies, but works fine for > others.
Yup. Just "Asia" is silly - I see them all the time, and it's not just China and Korea, but those real nasties in Brazil, and the Netherlands, and Russia, and some Germans, and occasional the Brits... and, of course, let's not forget all those nasty evil scum trying to break in... from the US.
Agreed -- the abuse is not just from one continent or country.
But at the same time it's not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 silvertip257@gmail.com wrote:
But at the same time it's not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
How do you handle the ACL when multiple users need the ssh access?
Use case scenario, I have setup CentOS based LAMP servers (as an admin) and pay extra for static IPs to assure my clients that I access their servers from specific IPs only. However, the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for)
At the moment, I have had to leave it open with fail2ban monitoring the ssh port.
Am 18.04.2013 08:44, schrieb Arun Khan:
On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 silvertip257@gmail.com wrote:
But at the same time it's not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
How do you handle the ACL when multiple users need the ssh access?
Use case scenario, I have setup CentOS based LAMP servers [...] the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for)
At the moment, I have had to leave it open with fail2ban monitoring the ssh port.
ACLs won't cut it in that scenario, but limiting SSH to public key authentication (ie. disabling password authentication) and disabling direct root login should be sufficiently secure.
HTH T.
On Thu, Apr 18, 2013 at 10:00 PM, Tilman Schmidt t.schmidt@phoenixsoftware.de wrote:
Am 18.04.2013 08:44, schrieb Arun Khan:
On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 silvertip257@gmail.com wrote:
But at the same time it's not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
How do you handle the ACL when multiple users need the ssh access?
Use case scenario, I have setup CentOS based LAMP servers [...] the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for)
At the moment, I have had to leave it open with fail2ban monitoring the ssh port.
ACLs won't cut it in that scenario,
Exactly.
but limiting SSH to public key authentication (ie. disabling password authentication) and
Agreed but explaining the concept to WAMP web application developers ....
disabling direct root login should be sufficiently secure.
This is the first thing I do after installation is complete :)
On Thu, Apr 18, 2013 at 2:44 AM, Arun Khan knura9@gmail.com wrote:
On Thu, Apr 18, 2013 at 8:14 AM, SilverTip257 silvertip257@gmail.com wrote:
But at the same time it's not prudent to allow anyone access to a service (host/port/page/whatever) when they have no need to.
Perfect example being people who let SSH open to the world on production boxes and do little to nothing to protect it.
How do you handle the ACL when multiple users need the ssh access?
You could create an iptables chain specifically for those needing SSH access. For a boat load of customers though this may not scale well.
On many of my systems anyone other than sys admins do not need SSH access. And on top of that people that work remotely have VPN access.
Clearly, my situation is different than yours but maybe you can adapt something.
Use case scenario, I have setup CentOS based LAMP servers (as an admin) and pay extra for static IPs to assure my clients that I access their servers from specific IPs only. However, the web developers who keep making changes (per client request) need sftp access to the boxen; their respective ISP service, provide only dynamic IPs (or charge extra which the freelancer will not pay for)
At the moment, I have had to leave it open with fail2ban monitoring the ssh port.
If fail2ban is working well then stick with it. I more often use fail2ban on vsftp and sasl auth logs since ssh is all but isolated from the outside world on _most_ boxes.
-- Arun Khan Sent from my non-iphone/non-android device _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Cheers,
Hello, It is interesting how my thread took off. Anyway, I found the config files, the my.conf file for mysql and the phpMyAdmin.conf file. However, I cannot access it from the same linux box, using localhost, or any of the systems in my local network. I found a tutorial online and it was aimed at a local network because the tutorial had one opening it up to accept connections from any ip and it didn't get into securing it with SSL. Even after following that, I still got the message that I do not have permission to access the directory where phpmyadmin is. I did wget and moved it to my apache server document root. So, my goals are twofold, and in the order listed. 1) First, I'd like to have a box on my network that I can SSH to and run applications that require mysql db, eg. drupal, owncloud, and some php mvc frameworks. This could be from my local network, e.g. 192.168.0.6 accessing the Centos box at 192.168.0.4 2) Then, I want to access it using a domain, which I have that currently points to the machine.
I did this previously and was accessing the phpmyadmin from the domain that I had purchased and using a dynamic IP service, I have it pointing to my network. At this point, I don't have the means to offer a server for friends and family, or others. What is difficult is the phpmyadmin issue and the mysql db. I took one course on Lynda.com that dealt with this topic and it used Ubuntu which has a wizard that lets you setup the username/pw for the db and phpmyadmin. With Centos, I just used yum to download mysql and I used wget to get phpmyadmin. I have not been able to find the default username and password when it is installed in this fashion. I have the root account which I think by default is without a password. I just don't know how to access the phpmyadmin directory. It is possible to just create a db using the command line but I'd like to figure the phpmyadmin access issue out. Thanks, Bruce
Bruce Whealton wrote: <snip>
I have the root account which I think by default is without apassword. I just don't know how to access the phpmyadmin directory. It is possible to just create a db using the command line but I'd like to
figure
the phpmyadmin access issue out.
I haven't been following this thread... but did anyone (maybe even me, dipping in) mention rpm -ql phpmyadmin, and look at all the files and where they are? Also, have you looked at the documentation for it that comes in the package?
mark
Regards,
YB Tan Sri Dato' Sri Adli a.k.a Dell
my.linkedin.com/pub/yb-tan-sri-dato-sri-adli-a-k-a-dell/44/64b/464/ H/p number: (017) 362 3661
________________________________ From: "m.roth@5-cent.us" m.roth@5-cent.us To: CentOS mailing list centos@centos.org Sent: Thursday, April 18, 2013 12:48 AM Subject: Re: [CentOS] phpmyadmin location
SilverTip257 wrote:
On Wed, Apr 17, 2013 at 12:01 PM, Nux! nux@li.nux.ro wrote:
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Everybody is probing everything. :)
<snip>
Excluding Asia won't work for all or global companies, but works fine for others.
Yup. Just "Asia" is silly - I see them all the time, and it's not just China and Korea, but those real nasties in Brazil, and the Netherlands, and Russia, and some Germans, and occasional the Brits... and, of course, let's not forget all those nasty evil scum trying to break in... from the US.
mark
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Regards,
YB Tan Sri Dato' Sri Adli a.k.a Dell
my.linkedin.com/pub/yb-tan-sri-dato-sri-adli-a-k-a-dell/44/64b/464/ H/p number: (017) 362 3661
________________________________ From: SilverTip257 silvertip257@gmail.com To: CentOS mailing list centos@centos.org Sent: Thursday, April 18, 2013 12:31 AM Subject: Re: [CentOS] phpmyadmin location
On Wed, Apr 17, 2013 at 12:01 PM, Nux! nux@li.nux.ro wrote:
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
Everybody is probing everything. :)
Moving the directory name might break software updates (if installed via yum)!
EPEL phpMyAdmin comes with a config file in /etc/httpd/conf.d, you can allow/deny stuff there. Also enabling HTTP auth in phpMyAdmin might help, too if you use strong passwords.
Or set Apache ACLs in the vhost config. Or set iptables firewall rules.
Excluding Asia won't work for all or global companies, but works fine for others.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Regards,
YB Tan Sri Dato' Sri Adli a.k.a Dell
my.linkedin.com/pub/yb-tan-sri-dato-sri-adli-a-k-a-dell/44/64b/464/ H/p number: (017) 362 3661
________________________________ From: Nux! nux@li.nux.ro To: CentOS mailing list centos@centos.org Sent: Thursday, April 18, 2013 12:01 AM Subject: Re: [CentOS] phpmyadmin location
On 17.04.2013 16:54, Software Toolz Authority wrote:
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
Everybody is probing everything. :)
Moving the directory name might break software updates (if installed via yum)!
EPEL phpMyAdmin comes with a config file in /etc/httpd/conf.d, you can allow/deny stuff there. Also enabling HTTP auth in phpMyAdmin might help, too if you use strong passwords.
Regards,
YB Tan Sri Dato' Sri Adli a.k.a Dell
my.linkedin.com/pub/yb-tan-sri-dato-sri-adli-a-k-a-dell/44/64b/464/ H/p number: (017) 362 3661
________________________________ From: Software Toolz Authority mailist@toolz.com To: CentOS@centos.org Sent: Wednesday, April 17, 2013 11:54 PM Subject: Re: [CentOS] phpmyadmin location
The Chinese probe for known vulnerabilities in phpmyadmin, so be sure and change the root directory name from that suggested by the installation.
Todd Merriman Software Toolz, Inc.
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Arun Khan -
Bruce Whealton -
m.roth@5-cent.us -
Nux! -
SilverTip257 -
Software Toolz Authority -
Tilman Schmidt -
YB Tan Sri Dato Sri' Adli a.k.a Dell