[CentOS] httpd - mysql - paypal.com.tar - hacker
Chris Boyd
cboyd at gizmopartners.com
Fri Aug 21 22:03:09 UTC 2009
On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
> - Keep phpMyAdmin up to date. Best way to do this is to use a
> package from a well known repository like EPEL that keeps the
> package at the latest version for you.
> - Run with SELinux Enforcing
> - Protect phpMyAdmin with Basic HTTP authentication instead of
> relying only on phpMyAdmin's authentication which does nothing to
> prevent the exploitation of many URL-based vulnerabilities.
What he said, plus change the URL to something other than the default /phpmyadmin/
--Chris
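
Added example, not part of the original messages: an Apache configuration fragment that combines the suggestions in this thread, putting HTTP Basic authentication in front of phpMyAdmin and serving it from a non-default URL. The alias name, the install path /usr/share/phpMyAdmin, the file locations and the realm name are assumptions; adjust them to the installed package.

```apache
# Assumed location: /etc/httpd/conf.d/phpMyAdmin.conf
# Remove or comment out any packaged "Alias /phpmyadmin ..." lines so the
# default URL no longer resolves.

# Serve phpMyAdmin under a non-default path ("/dbadmin-example" is a placeholder).
Alias /dbadmin-example /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin>
    # Apache checks these credentials before any phpMyAdmin PHP code runs,
    # so unauthenticated requests never reach the application's URL handlers.
    AuthType Basic
    AuthName "Restricted"
    # Password file kept outside the web root (assumed path); create it with:
    #   htpasswd -c /etc/httpd/phpmyadmin.htpasswd <username>
    AuthUserFile /etc/httpd/phpmyadmin.htpasswd
    Require valid-user

    # Basic authentication sends the password base64-encoded, not encrypted,
    # so refuse plain-HTTP requests (requires mod_ssl to be loaded).
    SSLRequireSSL
</Directory>
```

Run `apachectl configtest` before reloading httpd, then confirm that the old /phpmyadmin/ URL returns 404 and that the new path answers 401 without credentials.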