[CentOS] httpd - mysql - paypal.com.tar - hacker

Fri Aug 21 22:42:09 UTC 2009
Ross Walker <rswwalker at gmail.com>

On Aug 21, 2009, at 5:47 PM, "Gregory P. Ennis" <PoMec at PoMec.Net> wrote:

>
> On Fri, Aug 21, 2009 at 5:31 PM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
>
>>
>> Nope, but you can take steps to prevent (or make it more difficult) for
>> people that shouldn't be accessing it from accessing it.
>>
>> Apache allow from, etc... basic authentication, make sure you're using
>> HTTPS and selinux.
>
> Along these lines (following up here, though it's mostly to the OP),
> you may also want to look at your php.ini for some hardening as well.
> The default php.ini ships with allow_url_fopen enabled, which tells
> php to treat remote files like they're local. In some cases this is
> needed, but I really consider it a huge security hole, and if
> disabling doesn't break your website, I would suggest you do so.
>
> ----------------
>
> Jim,
>
> Great suggestion.  Thank you!!!!!

You weren't the only one who had phpmyadmin used to exploit their server.

There was a thread not too long back of another whose server was hacked
through some phpmyadmin script injection exploit.

For everyone who reads this:

Do Not run phpmyadmin on a forward facing server!

It is for behind the firewall only! And even then to restricted users over
SSL protected by password.

-Ross
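
Added example, not part of the original thread: an Apache configuration fragment that combines the measures named above (source-address restriction, basic authentication, HTTPS only, and allow_url_fopen disabled) for a phpMyAdmin directory. The directory path, password file path and the 192.0.2.0/24 management network are assumptions; the syntax is Apache 2.4 with mod_ssl and mod_php loaded.

```apache
# Added example: restrict phpMyAdmin to an internal management network.
# Assumed paths and addresses; adjust to the local install.
<Directory "/usr/share/phpMyAdmin">
    # Refuse any request that did not arrive over TLS (mod_ssl).
    SSLRequireSSL

    # Basic authentication; the password file is created with htpasswd
    # and must live outside the document root.
    AuthType Basic
    AuthName "phpMyAdmin"
    AuthUserFile "/etc/httpd/phpmyadmin.htpasswd"

    # Both conditions must hold: the client is on the management network
    # AND has authenticated. On Apache 2.2 the same policy is written with
    # "Order deny,allow", "Deny from all", "Allow from 192.0.2.0/24",
    # "Require valid-user" and "Satisfy all".
    <RequireAll>
        Require ip 192.0.2.0/24
        Require valid-user
    </RequireAll>

    # Stop PHP in this directory from opening remote URLs as files.
    # Only effective when PHP runs as an Apache module (mod_php); the
    # server-wide equivalent in php.ini is "allow_url_fopen = Off".
    php_admin_flag allow_url_fopen Off
</Directory>
```

After reloading, `httpd -t` checks the syntax, and a request from an address outside the allowed network should return 403 before any password prompt appears.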