On 7/9/2013 5:46 PM, Jim Albert wrote:
... and verify that SSLRequireSSL is enforced and it should be if you are using the phpmyadmin.conf config file.On 7/9/2013 5:21 PM, Jerry K wrote:configure a local VPN, and only allow access from the VPN IP range is one possible "Plan B". Reviewing my own log files, its amazing how many malware hits there are for this particular software product. What ever you do, be as safe/secure as you can. Good Luck JerryAgreed; the default phpmyadmin aliases are a very common attack point. VPN/private address space would absolutely be the best solution, but if that's not possible then on top of htpasswd authentication with strong passwords, some "security through obscurity" in changing the alias is probably not a bad idea to keep out the bot attacks. Jim
Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|