How private are the configuration settings
Posted: Fri Apr 27, 2012 1:20 am
Hi all,
I have experienced something alarming.
To start, I am NOT accusing anyone; the thing below can for sure be a real coincidence, but still I want to get your feedback and experience.
After installing and testing the database API first on a server that is not reachable from the outside world, yesterday afternoon I copied the installation to one of my public servers.
Again, this really can be a coincidence, but within a couple of hours after installing it on that public server, the server was 'visited' by someone with an IP address from Hong Kong that clearly was trying to find my installed version of phpMyAdmin (/admin/phpmyadmin/index.php, /db/index.php, /phpMyAdmin-2.5.7-pl1/index.php, /phpMyAdmin-2.5.6/index.php, /phpMyAdmin-2.2.6/index.php, and many more (65 tries)).
How sure are we that the information in the config file (db-host, DB-user, db-password) is not transferred to some server?
Before you start to ask, yes I did put a .htaccess file on the admin dir right after all was working.