It redirects them back to them self, actually and they get whatever they might be running for a web-server on the local machine if anything. It nothing they get a not found http://en.wikipedia.org/wiki/HTTP_301 On Mon, Jan 31, 2011 at 11:50 AM, <m.roth at 5-cent.us> wrote: > Todd wrote: > >> Also avoid having phpMyAdmin off the main web directory. Ordinary users > >> > don't need access and should never have access to it. Hide it away > >> > somewhere and create a virtual Apache host to use it with a > >> non-standard > >> > port number. Make it hard for the hackers and spoilers to find it. > >> > >> Um, no. The answer is yum remove phpMyAdmin on a production system. As I > >> read the logs for all our servers, and a number are world-visible > >> websites, I can't tell you the number of times I've seen probes looking > >> for that. > > > > I don't run PHPMyAdmin, I connect to my MySQL over SSH and obviously run > > SSH on an alternative port and don't allow root log-ins. > > > > But I do have some fun with those that try and snoop for URL's like > > /Php-my-admin, /p/m/a, /admin, /sqlweb, etc, etc. If I see something new > > show up, I add it. I redirect them through ReWrite rules to a RewriteRule > > .* > > http://%{REMOTE_ADDR}%{REQUEST_URI} [L,R=301,QSA] > > Hmmm... what's that do? The thought that comes to mind is to redirect them > to a known malware site, or some site that you consider to have the most > obnoxious set of popups/popunders/driftons (preferably all at the same > time), or maybe a pr0n site.... > > mark "and I think you should deposit at least 1% of that $25M US > in this bank account I'll set up...." > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110131/0057bd01/attachment-0005.html>