I found out that if someone was able to hack any FTP account on my server and upload Adminer they could alter the database. I tried Googling a way to block or prevent Adminer from working, but got nowhere. Anyone have any ideas?
1 Answer
3
> Anyone have any ideas?
Fix the problem, not the symptom. Stop using unencrypted FTP, it's highly insecure, and take other steps to secure your system. Blocking Adminer doesn't block any of the dozens of other similar systems (in PHP and otherwise), nor does it block someone from writing custom code that also alters the database.
If they get your FTP username and password, it's game over already. Use SFTP with key-based authentication for starters. The database should use a separate username/password so even if someone got a script onto your server it couldn't access the database without that also being compromised.
ceejayoz
- 33,432
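One way to set up the "SFTP with key-based authentication" advice from the answer above, assuming the server runs OpenSSH. This is an added example, not part of the original answer; the `sftponly` group name and the `/srv/sftp` path are assumptions.

```conf
# /etc/ssh/sshd_config fragment (constructed example)

# Weak setting this replaces: password logins, which can be guessed,
# phished or reused from another breach.
# PasswordAuthentication yes

PasswordAuthentication no
# On OpenSSH older than 8.7 this directive is named ChallengeResponseAuthentication
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

# In-process SFTP server, so chrooted users need no binaries inside the jail.
# Replace any existing "Subsystem sftp ..." line rather than adding a second one.
Subsystem sftp internal-sftp

# Members of the (assumed) "sftponly" group get file transfer only:
# no shell, no port forwarding, and no view of the rest of the filesystem.
Match Group sftponly
    # The chroot directory and every parent must be owned by root and not be
    # group- or world-writable, otherwise sshd refuses the login.
    # Uploads go into a user-owned subdirectory below it.
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AuthenticationMethods publickey
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
```

Check the file with `sshd -t` before reloading the daemon, and keep an existing session open until a new key-based login has been confirmed.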