[CentOS] httpd - mysql - paypal.com.tar - hacker
John R Pierce
pierce at hogranch.com
Fri Aug 21 22:05:50 UTC 2009
Chris Boyd wrote:
> On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
>
>> - Keep phpMyAdmin up to date. Best way to do this is to use a
>>   package from a well known repository like EPEL that keeps the
>>   package at the latest version for you.
>> - Run with SELinux Enforcing
>> - Protect phpMyAdmin with Basic HTTP authentication instead of
>>   relying only on phpMyAdmin's authentication which does nothing to
>>   prevent the exploitation of many URL-based vulnerabilities.
>
> What he said, plus change the URL to something other than the default
> /phpmyadmin/

and, heh, don't post any sort of log analyzer output on any publicly accessible pages, or your hidden URLs will likely show up and get googled.
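A check for that last point, as an added example that is not part of the original message: it scans the files under a publicly served directory for mentions of the renamed phpMyAdmin path, including percent-encoded and HTML-encoded forms. The function names, the path `/dbadmin-7f3a/` and the sample report files are constructed for illustration.

```python
import html
import os
import tempfile
from urllib.parse import unquote


def find_leaks(docroot, secret_path):
    """Return sorted (relative file, line number) pairs for every line under
    docroot that mentions secret_path, also when percent- or HTML-encoded."""
    needle = secret_path.strip("/").lower()
    if not needle:
        raise ValueError("secret_path must name at least one path segment")
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                for lineno, line in enumerate(fh, 1):
                    # Undo HTML entities and %XX escapes before comparing.
                    if needle in unquote(html.unescape(line)).lower():
                        hits.append((os.path.relpath(full, docroot), lineno))
    return sorted(hits)


def demo():
    """Scan a constructed document root that holds two leaking report pages."""
    samples = {  # constructed sample files, not real analyzer output
        "index.html": "<h1>Welcome</h1>\n",
        "stats/top_urls.html": "<td>/index.html</td><td>812</td>\n"
                               "<td>/dbadmin-7f3a/index.php</td><td>41</td>\n",
        "stats/referrers.html": "<td>http://www.example.com/dbadmin%2D7f3a/</td>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_leaks(root, "/dbadmin-7f3a/")


if __name__ == "__main__":
    for rel, lineno in demo():
        print(f"{rel}:{lineno}: hidden admin path appears in published file")
```

Run against the real document root, any hit means a published page is advertising the renamed URL and should be moved behind authentication or taken down.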