[CentOS] httpd - mysql - paypal.com.tar - hacker
John R Pierce
pierce at hogranch.com
Fri Aug 21 22:05:50 UTC 2009
Chris Boyd wrote:
> On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
>
>
>> - Keep phpMyAdmin up to date. Best way to do this is to use a
>> package from a well known repository like EPEL that keeps the
>> package at the latest version for you.
>> - Run with SELinux Enforcing
>> - Protect phpMyAdmin with Basic HTTP authentication instead of
>> relying only on phpMyAdmin's authentication which does nothing to
>> prevent the exploitation of many URL-based vulnerabilities.
>>
>
> What he said, plus change the URL to something other than the default
> /phpmyadmin/
>
and, heh, don't post any sort of log analyzer output on any publicly
accessible pages, or your hidden URLs will likely show up and get googled.
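
An added configuration sketch, not part of the original thread, combining the three points above for Apache httpd 2.4: a non-default alias, Basic authentication in front of phpMyAdmin's own login, and a log-analyzer report directory that is not publicly readable. The alias name, realm, file paths and report directory are assumptions chosen for illustration.

```apache
# Constructed example; every path and name below is an assumption.

# 1. Serve phpMyAdmin under a non-default path. Replace the placeholder,
#    and remove any default Alias lines (such as /phpmyadmin) from the
#    packaged configuration so the old URL stops resolving.
Alias /CHANGE-ME-nondefault-path /usr/share/phpMyAdmin

<Directory "/usr/share/phpMyAdmin">
    # 2. HTTP Basic auth is checked by httpd before any PHP code runs,
    #    so unauthenticated requests never reach phpMyAdmin itself.
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider file
    # Create with: htpasswd -c /etc/httpd/conf/pma.htpasswd <user>
    # Keep this file outside the DocumentRoot.
    AuthUserFile "/etc/httpd/conf/pma.htpasswd"
    Require valid-user

    # Basic credentials are only base64-encoded, so refuse plain HTTP.
    # Requires mod_ssl to be loaded.
    SSLRequireSSL
</Directory>

# 3. Log-analyzer reports list every requested URL, including the
#    renamed alias above. Keep them behind authentication so they are
#    never crawled and indexed.
<Directory "/var/www/html/logreports">
    AuthType Basic
    AuthName "Restricted"
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/conf/pma.htpasswd"
    Require valid-user
    SSLRequireSSL
</Directory>
```

Check the result with `apachectl configtest` before reloading httpd.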