This morning (or should I say, this night), my website
http://shikiryu.com was "attacked" by a bot looking for my phpMyAdmin URL.
Of course, being on shared hosting, I get access to phpMyAdmin through my host, so it is not on the website itself. That said, nothing prevents me from installing it in one of my folders but, hey, no benefit and lots of risk.
Let's take a look at a sample of the log that attack generated:
Mon 26 Sep 2011 01:05:37
190.136.244.187 tried to come at : shikiryu.com/sql/myadmin/
User Agent = Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)
Less than a second between two different requests.
We can see that it used the Googlebot user agent to get past any .htaccess security (which, now, seems useless, right? ;) )
Its IP address indicates it came from Argentina, but it can be faked, as everybody knows.
Now, here is the list of folders it tried to scan (incomplete because I filtered it a little, removed similarities, etc.):
- /sql/myadmin/
- /sqlmanager/
- /sqladmin/
- /SQL/
- /sl2/data/
- /roundcube/
- /qql/
- /program/
- /PMA2005/
- /websql/
- /pma2005/
- /web/phpMyAdmin/
- /PMA/
- /webdb/
- /phppma/
- /webadmin/
- /phpMyAdmin2/
- /web/
- /phpMyAdmin-2/
- /typo3/phpmyadmin/
- /phpmyadmin2/
- /phpmyadmin1/
- /sql/websql/
- /phpmy-admin/
- /php-myadmin/
- /php-my-admin/
- /sql/webdb/
- /phpmya/
- /phpmy/
- /sql/webadmin/
- /phpmanager/
- /sqlweb/
- /~/phpmanager/
- /phpadmin/
- /~/phpadmin/
- /sql/sqlweb/
- /mysql/web/
- /sql/sqladmin/
- /mysql/sqlmanager/
- /mysql/pMA/
- /mysql/pma/
- /mysql/mysqlmanager/
- /mysqlmanager/
- /sql/sql-admin/
- /mysql/dbadmin/
- /mysql/db/
- /sql/sql/
- /mysqladminconfig/
- /sql/phpMyAdmin2/
- /mysqladmin/
- /mysql/admin/
- /mysql-admin/
- /sql/phpmyadmin2/
- /MyAdmin/
- /~/myadmin/
- /sql/phpMyAdmin/
- /db/websql/
- /db/webdb/
- /sql/phpmy-admin/
- /db/webadmin/
- /db/phpMyAdmin2/
- /sql/php-myadmin/
- /db/phpMyAdmin-2/
- /db/phpmyadmin2/
- /sql/phpmanager/
- /db/myadmin/
- /db/dbweb/
- /db/dbadmin/
- /db/db-admin/
- /dbadmin/
- /db/
- /database/phpMyAdmin2/
- /database/phpmyadmin2/
- /database/phpMyAdmin/
- /database/phpmyadmin/
- /database/database/
- /database/
- /cpphpmyadmin/
- /cpdbadmin/
- /cpanelsql/
- /cpanelphpmyadmin/
- /cpanelmysql/
- /cpadmindb/
- /cpadmin/
- /bbs/data/
- /admin/web/
- /admin/sysadmin/
- /admin/sqladmin/
- /admin/pMA/
- /admin/pma/
- /admin/phpMyAdmin/
- /admin/phpmyadmin/
- /administrator/web/
- /administrator/PMA/
- /administrator/pma/
- /administrator/phpMyAdmin/
- /administrator/phpmyadmin/
- /administrator/db/
- /admin/db/
- /administrator/admin/
- /~/admin/
- /3rdparty/setup.php
- /3rdparty/pma2005/
- /3rdparty/pma/
- /3rdparty/phpMyAdmin/
- /3rdparty/myadmin/
- /3rdparty/dbadmin/
- /3rdparty/admin/
- /3rdparty/
- /mysql/
- /admin/
- /myadmin/
- /pma/
- /db/phpMyAdmin/
- /db/phpmyadmin/
- /PHPMYADMIN/
- /phpMyAdmin/
- /phpmyadmin/
Conclusion:
1. Of course, first of all, avoid those folder names; but, again, that's not a fixed list, be smart.
2. Avoid using phpMyAdmin directly on your domain. Even with a login/password, you're not safe (and, no, I'm not paranoid, it's just logic: fewer ways into your database, more security).
3. Backups, network lookups and logs are your friends; don't ignore them, they can save your life! (or at least, your website)
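The signals described in this post (many admin-panel paths requested within a second, all under a Googlebot user agent) can be pulled out of such a log automatically. The following is an added example, not code from the original post: it reads the three-line log format shown above, the sample entries are constructed, and `find_scanners`, `is_real_googlebot`, the path fragments and the thresholds are hypothetical names and values chosen for illustration. The Googlebot check uses a reverse DNS lookup followed by a forward lookup, since the user agent string alone proves nothing.

```python
import re
import socket
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's three-line format; IPs and host are placeholders.
SAMPLE_LOG = """\
Mon 26 Sep 2011 01:05:37
203.0.113.7 tried to come at : example.com/sql/myadmin/
User Agent = Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)
Mon 26 Sep 2011 01:05:37
203.0.113.7 tried to come at : example.com/PMA2005/
User Agent = Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)
Mon 26 Sep 2011 01:05:38
203.0.113.7 tried to come at : example.com/db/phpMyAdmin-2/
User Agent = Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)
Mon 26 Sep 2011 09:12:01
198.51.100.20 tried to come at : example.com/blog/
User Agent = Mozilla/5.0 (X11; Linux x86_64; rv:6.0) Gecko/20100101 Firefox/6.0
"""

ENTRY = re.compile(r"^(?P<ts>\w{3} \d+ \w{3} \d{4} [\d:]{8})\n(?P<ip>\S+) tried to come at : "
                   r"[^/\s]+(?P<path>/\S*)\nUser Agent = (?P<ua>.*)$", re.M)
# Name fragments taken from the probed folders listed in the post (a heuristic).
PROBE = re.compile(r"php-?my-?admin|pma|myadmin|sql|dbadmin|webdb|/db/", re.I)

def is_real_googlebot(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Reverse DNS must end in googlebot.com/google.com and resolve back to ip (IPv4)."""
    try:
        host = reverse(ip)[0]
        return host.endswith((".googlebot.com", ".google.com")) and ip in forward(host)[2]
    except OSError:
        return False

def find_scanners(log, min_paths=3, window=timedelta(seconds=5), verify=is_real_googlebot):
    """Return {ip: report} for IPs probing >= min_paths admin paths in any window-long span."""
    hits = defaultdict(list)
    for m in ENTRY.finditer(log):
        if PROBE.search(m["path"]):
            ts = datetime.strptime(m["ts"], "%a %d %b %Y %H:%M:%S")
            hits[m["ip"]].append((ts, m["path"], m["ua"]))
    report = {}
    for ip, rows in hits.items():
        burst = max(({p for t, p, _ in rows if timedelta(0) <= t - t0 <= window}
                     for t0, _, _ in rows), key=len)
        if len(burst) >= min_paths:
            claims = any("googlebot" in ua.lower() for _, _, ua in rows)
            report[ip] = {"paths": sorted(burst), "spoofed_googlebot": claims and not verify(ip)}
    return report
```

Calling `find_scanners(SAMPLE_LOG)` without a `verify` argument performs real DNS lookups; pass a stub such as `verify=lambda ip: False` to run it offline.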

You need to stop the falling letters before they destroy your city!
3 play modes:
- Easy : letters fall one by one but each time faster
- Normal : 2 letters are falling at the same time!
- Hard : no single letter anymore, words are falling one by one randomly with increasing speed
Can you follow the rhythm?
Technically, it's a mix of JavaScript and Processing(js), which gives you JS's flexibility and Java's complexity and power.

One evening, in a train, I had this stupid idea of building a game for blind people.
So, it had to use sounds, which made me learn how to use the JavaScript audio API. Honestly, it's easy and nice to use, even if it's not implemented in all browsers nor the same way everywhere. With a bit of luck, the game I'll present here uses pretty common methods. :)
Enough with the "technical part", let me show you: Blind laby (temporary name ;) )
Goal of it:
As with any labyrinth: find the way out.
Rules:
- You must go one square after another.
- Each time you enter a new square, you'll hear 4 sounds respectively from: left, top, right, bottom
- 3 possible sounds: a good way, a bad way, a wall
- If chosen, the last 2 will end the game.
To try it:
http://nu.x10.bz/game2
For now, only 2 levels and still alpha.

Here I come with my love and craziness for XML with a new PHP class which allows you to read and write RSS.
What's the point since there are like 32.541 already? ;)
First, it can really do both (read and write) at the same time and that's its best point. Then, because this way you don't need 20 classes to take the RSS, parse it, modify it and give it back (or save it or show it directly).
I wrote a really good explanation and documentation page in English.

If you have this error but you see your .htaccess with all IfModule with one and only one argument (i.e. <IfModule mod_rewrite.c>), check for line breaks. Notepad++ doesn't show them very easily. Use Windows Notepad instead (or any other OS equivalent), it'll pop out :-)