On top of that, kill phpMyAdmin all together from the server.

"How do I update my database architecture?"

Using a combination or ssh port forwarding and a local Management Client.

MySQL Front (Win32) - http://mysqlfront.venturemedia.de/index.php?act=ST&f=1&t=2&s=1a1c5747443deb838a59b393fd11ccc7
CocoaMySQL (OSX) - http://cocoamysql.sourceforge.net/
MySQLCC (Linux) - http://www.mysql.com/products/mysqlcc/index.html


Peter Monk wrote:

Merlin wrote:

I am running a medium size php/mysql website. In the last days I recieved more and more mysql errors due to url tempering. Now my website went down for at least 5 minutes, or more detailed the database server mysql 3.x went down. In the apache logs I found requests like
"connection:close" comming from unspecified clients.

Change your mysql username privileges so that logins can only come
from localhost.

Make sure the phpmyadmin conf file isn't visible to outsiders - it has
your mysql database passwords in it.

Consider using deparate usernames/passwords for each mysql database,
so that if a password becomes known, only one database is open to attack.

Make sure you have no usernames/passwords visible in plain text form in
any world-readable files. Assuming that hackers aren't able to access
known usernames/passwords, they may use brute force attacks to guess
user/password combinations, so make sure your usernames aren't obvious
and that your passwords are strong (ie, not words from a dictionary, combination of numbers and letters, uppercase/lowercase, etc.).

My understanding (limited) is that connections closing isn't necessarily
a sign of illicit behaviour, depending on which log file they're in and
the context of their appearance.

If you think you're a target, change all your passwords (in case they
are known) and tighten your security.


-- I am nothing but a poor boy. Please Donate.. https://www.paypal.com/xclick/business=list%40racistnames.com&item_name=Jordan+S.+Jones

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to