[CentOS] Groups

Mon Jan 31 18:38:32 UTC 2011
Todd <slackmoehrle.lists at gmail.com>

> Also avoid having phpMyAdmin off the main web directory. Ordinary users
> > don't need access and should never have access to it. Hide it away
> > somewhere and create a virtual Apache host to use it with a non-standard
> > port number. Make it hard for the hackers and spoilers to find it.
>
> Um, no. The answer is yum remove phpMyAdmin on a production system. As I
> read the logs for all our servers, and a number are world-visible
> websites, I can't tell you the number of times I've seen probes looking
> for that.


I don't run PHPMyAdmin, I connect to my MySQL over SSH and obviously run SSH
on an alternative port and don't allow root log-ins.

But I do have some fun with those that try and snoop for URL's like
/Php-my-admin, /p/m/a, /admin, /sqlweb, etc, etc. If I see something new
show up, I add it. I redirect them through ReWrite rules to a RewriteRule .*
http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA]

-Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110131/24df96dc/attachment-0005.html>