| Re: Shocking amount of PHP security holes? [message #171107 is a reply to message #171087] |
Fri, 24 December 2010 21:17   |
jimp
Messages: 22
Registered: December 2010
Karma:
|
Junior Member |
|
|
The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
> jimp(at)specsol(dot)spam(dot)sux(dot)com wrote:
>> The Natural Philosopher <tnp(at)invalid(dot)invalid> wrote:
>>
>>> Indeed.My sites show persistent attempts to access something called
>>> phpmyadmin.php, whatever that is..
>>
>> phpMyAdmin is a popular web based tool for MySQL administration and it is not
>> part of PHP.
>>
>> Like any other admin tool, especially web based ones, if you install it and
>> don't keep it secure and up to date, you reap what you sow.
>>
>> As for "persistent attempts", there are tools out there that will note such
>> things and automatically block further attempts.
>>
> well yes, but since the attempts all fail, and I log them anyway what is
> the problem?
I guess it comes down to personal preferences, you prefer to see your logs
full of failed attempts, I prefer to auto-block repeated attempts and see
nothing more in the logs from such places.
>> None of this of course has anything to do with PHP other than phpMyAdmin
>> was written in PHP.
>>
>
> Merely that any live site on the net will be subjected to bots crawling
> all over it looking for holes.
>
> Some of which may try to exploit PHP weaknesses, some not.
Yep, including Sun Solaris machines that get hit constantly looking to see
if well known Windows holes are open.
--
Jim Pennino
Remove .spam.sux to reply.
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]