httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Albert <...@netrition.com>
Subject Re: [users@httpd] phpmyadmin auth
Date Tue, 09 Jul 2013 21:51:15 GMT
On 7/9/2013 5:46 PM, Jim Albert wrote:
> On 7/9/2013 5:21 PM, Jerry K wrote:
>> configure a local VPN, and only allow access from the VPN IP range is
>> one possible "Plan B".
>>
>> Reviewing my own log files, its amazing how many malware hits there are
>> for this particular software product.
>>
>> What ever you do, be as safe/secure as you can.
>>
>> Good Luck
>>
>> Jerry
> Agreed; the default phpmyadmin aliases are a very common attack point.
> VPN/private address space would absolutely be the best solution, but if
> that's not possible then on top of htpasswd authentication with strong
> passwords, some "security through obscurity" in changing the alias is
> probably not a bad idea to keep out the bot attacks.
>
> Jim
... and verify that SSLRequireSSL is enforced and it should be if you 
are using the phpmyadmin.conf config file.

Jim


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message