ScientiaMobile

Hi all,

I have experienced something alarming.
To start I am NOT accusing anyone the thing below can for sure be a real coincidence but still I want to get your feedback and experience.

After installing and testing the database API first on a server that is not reachable from the outside world, yesterday afternoon, I have copied the installation to one of my public servers.
Again, this really can be a coincidence but within a couple of hours after installing it on that public server, the server was 'visited' by someone with an IP address from Hongkong that clearly was trying to find my installed version of phpMyAdmin (/admin/phpmyadmin/index.php, /db/index.php, /phpMyAdmin-2.5.7-pl1/index.php,/phpMyAdmin-2.5.6/index.php, /phpMyAdmin-2.2.6/index.php, and many mores (65 tries )).

How sure are we that the information in the config file (db-host, DB-user, db-password) is not transferred to some server?
Before you start to ask, yes I did put a .htaccess file on the admin dir right after all was working.

Hi mbrans,

I can appreciate your concern, but I can assure you that there is nothing in the API that will expose your configuration settings. The phpMyAdmin searches you're seeing are very common - we see thousands of requests per day on our public-facing webservers. If you are concerned about these, I would recommend you take a look at the software fail2ban. Anyway, this is outside the scope of our support, but you can rest easy knowing your configuration is safe!