
Just had a hacker on my test server ..


Guest Gimp


phpMyAdmin is fine if you have an updated version ... or you might use direct DB access with some GUI client such as Navicat / SQLyog.

The thing is not to rely on the web app only: use mod_evasive on Apache, use port knocking on the firewall to get dynamic access, etc., etc.


Use SSH + the mysql CLI for DB access. Configure your iptables correctly and turn your server into a bastion host (default all chains to DROP; only exceptions (e.g. mangos, http) are ACCEPT or FORWARD).

That way you'll be secured (as long as your password is not '1234' ;)).

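The firewall side of the two posts above (mod_evasive plus port knocking in one, a bastion host with default-DROP chains in the other), as an added example that is not from this thread or from the MaNGOS project. It assumes the MaNGOS default ports (realmd on 3724/tcp, mangosd on 8085/tcp), Apache on 80/tcp and sshd on 22/tcp; the knock sequence 7000, 9000, 8000, the Debian-style mod_evasive path and the tuning values are hypothetical. `generate_rules` only prints the iptables commands so they can be reviewed before `apply_rules` runs them as root.

```shell
#!/bin/sh
# Added example, not code from the thread or from MaNGOS. Bastion-style
# iptables ruleset with port knocking. Assumptions: realmd on 3724/tcp and
# mangosd on 8085/tcp (MaNGOS defaults), Apache on 80/tcp, sshd on 22/tcp;
# the knock sequence 7000, 9000, 8000 is hypothetical (choose your own).

SSH_PORT=22
HTTP_PORT=80
REALMD_PORT=3724
MANGOSD_PORT=8085
# Non-monotonic on purpose: a sequential port scan must not complete the knock.
KNOCK1=7000
KNOCK2=9000
KNOCK3=8000

# Print the ruleset; nothing is applied here, so it is safe to review/test.
generate_rules() {
    cat <<EOF
iptables -F
iptables -X
# default deny on every chain; a host is not a router, so FORWARD stays closed
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback and replies to connections we already accepted
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# public services: web, realm list, world server
iptables -A INPUT -p tcp --dport $HTTP_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $REALMD_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $MANGOSD_PORT -m conntrack --ctstate NEW -j ACCEPT
# port knocking via the 'recent' match: each knock records the source address
# in a list and is dropped; sshd only accepts a source that completed all
# three knocks in order, each within 10 s of the previous one
iptables -A INPUT -p tcp --dport $KNOCK1 -m recent --name K1 --set -j DROP
iptables -A INPUT -p tcp --dport $KNOCK2 -m recent --name K1 --rcheck --seconds 10 -m recent --name K2 --set -j DROP
iptables -A INPUT -p tcp --dport $KNOCK3 -m recent --name K2 --rcheck --seconds 10 -m recent --name K3 --set -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name K3 --rcheck --seconds 30 -j ACCEPT
# MySQL (3306) is deliberately absent: reach it over ssh, never directly
# log a sample of what the DROP policy eats, rate limited so the log cannot be flooded
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
EOF
}

# Apply the printed rules; needs root. sh -e aborts on the first failing rule.
apply_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "apply_rules: run as root" >&2; return 1; }
    generate_rules | sh -e
}

# Client side: send the knocks (the SYNs are dropped, so nc just times out),
# then open the SSH session inside the 30 s window.
knock_and_ssh() {
    host="$1"; user="$2"
    for p in $KNOCK1 $KNOCK2 $KNOCK3; do
        nc -z -w 1 "$host" "$p" 2>/dev/null || true
        sleep 1
    done
    ssh "$user@$host"
}

# Apache side of the same advice: mod_evasive blocks a client that hammers
# one page or the whole site. Directive values and path are assumptions.
mod_evasive_conf() {
    cat <<'EOF'
<IfModule mod_evasive20.c>
    DOSHashTableSize    3097
    DOSPageCount        5
    DOSSiteCount        50
    DOSPageInterval     1
    DOSSiteInterval     1
    DOSBlockingPeriod   60
    DOSLogDir           /var/log/mod_evasive
</IfModule>
EOF
}

# ./firewall.sh apply   -> installs the rules; anything else only defines functions
case "${1:-}" in
    apply) apply_rules ;;
esac
```

Port knocking only hides sshd from scanners; the real protection is still key-based login with `PasswordAuthentication no` in sshd_config. Note that a wrong knock does not clear the `recent` lists in this minimal version (a stricter variant uses `--remove` on every non-matching knock port), and keep the out-of-band console handy when you test a default-DROP INPUT chain for the first time.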


Yeah, but the problem with SSH is that it's a pain in the ass to modify things in the DB, especially since our Linux is command line only.


Why should that be a 'pain in the ass'? I work this way every day ;)

If you look at professional companies, you'll see that most don't have any GUI installed, and if they do, the servers are still running at runlevel 3 (multiuser, network, console) and not runlevel 5 (multiuser, network, console, GUI) ;)

Just learn how to use the commands and you'll have no problems with it ;)


Some of the posted phpMyAdmin leaks work on older versions, so I suggest always removing it, because it's an insecure script if you don't know what you're doing. I see enough servers where you can even get root access, because they don't run the webserver from the home directory; they use the default /var/www/ dir and there are tons of exploits to abuse that.

Use a SQL client like HeidiSQL or Navicat; they are also easy to use, and in the meantime you should get used to queries. Also use secure passwords AND usernames; try to work with caps ;-)

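A way to reconcile the "SSH + mysql CLI" advice with the wish for a GUI client (HeidiSQL/Navicat) raised in the posts above, as an added example that is not from this thread: keep MySQL bound to loopback, tunnel a local port over SSH, and point the GUI at the tunnel instead of exposing 3306 or running phpMyAdmin. The host `game.example`, the user `admin`, the local port 3307 and the listener tables are all constructed for the example; `mysql_loopback_only` is an audit check over `ss -ltn` style output.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions (hypothetical): the
# SSH user is 'admin', the host is 'game.example', MySQL listens on
# 127.0.0.1:3306 and the workstation uses local port 3307 for the tunnel.

# my.cnf fragment: bind to loopback only. Do NOT use skip-networking here;
# the tunnel still needs a TCP listener on 127.0.0.1.
my_cnf_fragment() {
    cat <<'EOF'
[mysqld]
bind-address = 127.0.0.1
EOF
}

# The tunnel: local port 3307 is forwarded, inside SSH, to 127.0.0.1:3306 on
# the server. HeidiSQL/Navicat then connect to 127.0.0.1:3307 as if the
# database were local; nothing on 3306 is reachable from the network.
tunnel_cmd() {
    host="$1"; user="$2"; local_port="${3:-3307}"
    printf 'ssh -N -L %s:127.0.0.1:3306 %s@%s\n' "$local_port" "$user" "$host"
}

# Audit check: read `ss -ltn` output on stdin; succeed (0) only if every
# listener on port 3306 is bound to a loopback address, fail (1) otherwise.
mysql_loopback_only() {
    rc=0
    while read -r state recvq sendq local peer rest; do
        [ "$state" = "LISTEN" ] || continue        # skips the header line
        port=${local##*:}
        [ "$port" = "3306" ] || continue
        addr=${local%:*}
        case "$addr" in
            127.0.0.1|\[::1\]|localhost) ;;          # loopback, fine
            *) rc=1 ;;                               # 0.0.0.0, *, [::] or a public IP
        esac
    done
    return $rc
}

# Constructed sample listener tables (not captured from a real host).
GOOD_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*'
BAD_LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*'

# usage: audit_sample good|bad  (on a live box: ss -ltn | mysql_loopback_only)
audit_sample() {
    case "$1" in
        good) data=$GOOD_LISTENERS ;;
        *)    data=$BAD_LISTENERS ;;
    esac
    if printf '%s\n' "$data" | mysql_loopback_only; then
        echo "mysql: loopback only"
    else
        echo "mysql: exposed on a non-loopback address, fix bind-address"
        return 1
    fi
}
```

With the tunnel up, the CLI works the same way from the workstation: `mysql -h 127.0.0.1 -P 3307 -u mangos -p` (the explicit `-h 127.0.0.1` forces TCP; `-h localhost` would try the local socket instead). On the server itself `ss -ltn | mysql_loopback_only || echo exposed` is a one-line check to drop into a cron job.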


What is so insecure about running a webserver chrooted into /var/www/?
