[CentOS] httpd - mysql - paypal.com.tar - hacker

Fri Aug 21 22:05:50 UTC 2009
John R Pierce <pierce at hogranch.com>

Chris Boyd wrote:
> On Aug 21, 2009, at 4:17 PM, Ray Van Dolson wrote:
>
>   
>>  - Keep phpMyAdmin up to date.  Best way to do this is to use a
>>    package from a well known repository like EPEL that keeps the
>>    package at the latest version for you.
>>  - Run with SELinux Enforcing
>>  - Protect phpMyAdmin with Basic HTTP authentication instead of
>>    relying only on phpMyAdmin's authentication which does nothing to
>>    prevent the exploitation of many URL-based vulnerabilities.
>>     
>
> What he said, plus change the URL to something other than the default
> /phpmyadmin/
>   

and, heh, don't post any sort of log analyzer output on any publicly 
accessible pages, or your hidden URLs will likely show up and get googled.
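
The measures discussed in this thread, sketched as an httpd configuration fragment. This is an added example, not part of the original posts: the alias name, the password file path, and both directory paths are assumptions to adjust for the actual install.

```apache
# Added example. All paths and the alias name below are placeholders
# (assumptions), not values taken from the thread.

# Serve phpMyAdmin under a non-default path instead of /phpmyadmin/.
Alias /dbadmin-example/ "/usr/share/phpMyAdmin/"

<Directory "/usr/share/phpMyAdmin/">
    # httpd checks Basic auth before any PHP runs, so an unauthenticated
    # request never reaches phpMyAdmin's own scripts or login page.
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/etc/httpd/conf/pma.htpasswd"
    Require valid-user

    # Basic auth credentials are only base64-encoded on the wire,
    # so refuse plain-HTTP access (requires mod_ssl).
    SSLRequireSSL
</Directory>

# Log analyzer reports list requested URLs, including the alias above.
# Keep the report directory behind authentication as well, so the
# renamed path is not exposed to crawlers through the reports.
<Directory "/var/www/usage/">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "/etc/httpd/conf/pma.htpasswd"
    Require valid-user
    SSLRequireSSL
</Directory>
```

The password file is created with `htpasswd`, and `apachectl configtest` checks the syntax before a reload.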