I think using fail2ban is a good idea as well. I don't know how many of those scripts are checking for obscured URLs, but I like doing a mixture of the two. Also, depending on your setup, inner and outer DMZs and firewall rules regulating access (you can only access the inner if you are coming from the outer, etc.) are also a good idea (I believe it is security best practice to do it that way, if you're using DMZs). I know that for some PCI compliance issues, the DB server has to be on a separate server from the site itself, and if that's the case you're probably going to have to be restricting access anyway.
But regarding setting up both issues, I think Ken had it right when he said that you had to explicitly give the users the ability to create new databases.

Kind regards,

Titus Bolton
Antenna Systems & Solutions, Inc.
931 Albion Avenue
Schaumburg, Illinois 60193-4550
United States of America
Phone: +1-847-584-1000
Fax: +1-847-584-9951
http://www.antennasystems.com

On Jan 26, 2011, at 11:47 AM, Gerald Waugh wrote:

> On Wed, 2011-01-26 at 09:18 -0800, Ken - Precision Web Hosting, Inc wrote:
>
>> Also, on a different note, I don't really like having a url like phpmyadmin
>> since it is just another way for brute force attacks to try to guess
>> passwords (unless you have software checking those logins and blocking the
>> attacks). It would be nice if the GUI let you rename the url to something
>> random (and then automatically link to that url).
>
> Not sure if it will survive updates.
> But you can edit
> /etc/httpd/conf.d/phpMyAdmin.conf
> Alias /phpMyAdmin /usr/share/phpMyAdmin
> Alias /phpmyadmin /usr/share/phpMyAdmin
> I changed mine to;
> #Alias /phpMyAdmin /usr/share/phpMyAdmin
> #Alias /phpmyadmin /usr/share/phpMyAdmin
> Alias /MySQL-Admin /usr/share/phpMyAdmin
>
> restarted httpd, now only accessible as
> http://host.domain.tld/MySQL-Admin
>
> Gerald
>
> _______________________________________________
> Blueonyx mailing list
> [email protected]
> http://www.blueonyx.it/mailman/listinfo/blueonyx
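Added example (not part of the original thread, and not fail2ban's own code): a small Python model of the "mixture of the two" discussed above, counting per client both probes for the retired /phpmyadmin aliases and login POSTs to the renamed /MySQL-Admin alias, and flagging a client once it reaches a threshold inside a time window. The Apache common/combined log format, the threshold, the window and the sample log lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
OLD_ALIASES = re.compile(r'^/phpmyadmin(/|$)', re.IGNORECASE)  # aliases commented out in the thread
NEW_ALIAS = "/MySQL-Admin"                                      # alias chosen in the thread

def counts_as_attempt(method, path, status):
    """A 404 probe for a retired alias, or any POST to the renamed one.
    Assumption: the access log alone does not show whether a login succeeded."""
    if OLD_ALIASES.match(path) and status == 404:
        return True
    return method == "POST" and path.startswith(NEW_ALIAS + "/")

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: time of the hit that reached max_retry within find_time}."""
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not counts_as_attempt(m["method"], m["path"], int(m["status"])):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(when)
        while when - hits[0] > find_time:   # drop hits that fell out of the window
            hits.popleft()
        if len(hits) >= max_retry:
            offenders.setdefault(m["ip"], when)
    return offenders

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Jan/2011:11:00:01 -0600] "GET /phpmyadmin/ HTTP/1.1" 404 210',
    '203.0.113.7 - - [26/Jan/2011:11:00:02 -0600] "GET /phpMyAdmin/index.php HTTP/1.1" 404 210',
    '198.51.100.4 - - [26/Jan/2011:11:00:05 -0600] "POST /MySQL-Admin/index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [26/Jan/2011:11:00:09 -0600] "POST /MySQL-Admin/index.php HTTP/1.1" 200 5120',
    '198.51.100.4 - - [26/Jan/2011:11:30:00 -0600] "GET /MySQL-Admin/ HTTP/1.1" 200 4096',
    '192.0.2.9 - - [26/Jan/2011:11:31:00 -0600] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} reached the threshold at {when.isoformat()}")
```

In a real deployment fail2ban does this counting itself through a filter and jail; the model only shows why requests to the old alias names become a useful signal once the alias has been renamed.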
