Thank you for an advice! I will look into it. <br><br>Actually I use phpmyadmin on 2 sites hosted on Bluehost. So far no problems with hackers. I use SSH only for automatic backup / recovery via rsync (what a nice tool is rsync!).<br>
<br>Cheers,<br>Alexei<br><br><div class="gmail_quote">2010/8/16 António P. P. Almeida <span dir="ltr"><<a href="mailto:appa@perusio.net">appa@perusio.net</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On 16 Ago 2010 00h07 WEST, <a href="mailto:alexei@malinovski.org">alexei@malinovski.org</a> wrote:<br>
<br>
There's pretty good advice and ideas being floated in this thread. I<br>
just want to say that if you intend to develop a business having a<br>
security mindset avoid using stuff like phpmyadmin. It's one of the<br>
largest web related attack vectors out there.<br>
<br>
I had inadvertently left port 80 of my laptop, which has dynamic IP,<br>
(I'm on a 3.5G link) in the firewall rules open, and bots and<br>
presumably some sentient beings tried repeatedly to use phpmyadmin<br>
related URLs.<br>
<br>
Instead try to familiarize yourself with the MySQL console client.<br>
Avoid phpmyadmin altogether. This implies that you need to control the<br>
hosting environment to a certain degree. Most shared hosting<br>
providers don't allow SSH access.<br>
<br>
Remember that the most sensitive element in the web site chain is the<br>
DB. You can recover from a defacement more or less easily if the DB<br>
isn't compromised.<br>
<font color="#888888"><br>
--- appa<br>
</font><div><div></div><div class="h5"><br>
_______________________________________________<br>
consulting mailing list<br>
<a href="mailto:consulting@drupal.org">consulting@drupal.org</a><br>
<a href="http://lists.drupal.org/mailman/listinfo/consulting" target="_blank">http://lists.drupal.org/mailman/listinfo/consulting</a><br>
</div></div></blockquote></div><br>