[consulting] Drupal web design as hobby - shall I start consulting?

Alexei Malinovski alexei at malinovski.org
Mon Aug 16 05:32:58 UTC 2010


Thank you for the advice! I will look into it.

Actually I use phpmyadmin on 2 sites hosted on Bluehost. So far no problems
with hackers. I use SSH only for automatic backup / recovery via rsync (what
a nice tool is rsync!).

Cheers,
Alexei

2010/8/16 António P. P. Almeida <appa at perusio.net>

> On 16 Ago 2010 00h07 WEST, alexei at malinovski.org wrote:
>
> There's pretty good advice and ideas being floated in this thread. I
> just want to say that if you intend to develop a business having a
> security mindset, avoid using stuff like phpmyadmin. It's one of the
> largest web-related attack vectors out there.
>
> I had inadvertently left port 80 of my laptop, which has dynamic IP,
> (I'm on a 3.5G link) in the firewall rules open, and bots and
> presumably some sentient beings tried repeatedly to use
> phpmyadmin-related URLs.
>
> Instead try to familiarize yourself with the MySQL console client.
> Avoid phpmyadmin altogether. This implies that you need to control the
> hosting environment to a certain degree. Most shared hosting
> providers don't allow SSH access.
>
> Remember that the most sensitive element in the web site chain is the
> DB. You can recover from a defacement more or less easily if the DB
> isn't compromised.
>
> --- appa