Jump to content
The Uniform Server Community

AlleyKat

Super Moderator
  • Posts

    83
  • Joined

  • Last visited

Posts posted by AlleyKat

  1. Moved /home/admin/www/phpMyAdmin and phyMyBackupPro into /srv/www/

    Why keep those hidden in a sub directory, this complicates the update process for the user?

    For security reasons, a lot of devs still open the server to the world to allow (clients|customers|co-devs) access during website development. PMA is pre-setup to be open with mysql root/admin access - in my www folder I have another PMA set up with an account with limited access. Could be fixed with .htaccess of course, but to be on the safe side I think this approach is better.

     

    I'm not sure I agree completely with jacob lee, but the changes/differences are quite profound, so maybe a good idea to call it something more/else so users don't get the idea that it's a US with extra features - it's changed in more ways than one. Call it "Ota's US++" and I think we'll be on the safe side.

     

    But nice job, I like it - except for the size, ofcourse. :)

  2. It's the new way config files should look in PMA causing this - delete the (second and third) section below the first, those with 'blank' entries.

     

    The first error you describe sounds like a small mistake was made by update of the PMA in uniserver, libraries\select_lang.lib.php needs to be fixed.

  3. Sorry, your english is fine but I have no idea what you are saying...? You don't want to secure the data? OK by me. It's an offline server? Then surely noone has hacked their way into it and deleted the databases, ofcourse.

     

    If this happened due to data corruption or a fault with hardware (like hd crash) well, nothing to do. That is why one should make regular backups.

     

    If this has happened due to you for instance copying or updating/-grading the uniserver, you've most likely just started a different MySQL and your data (all databases) would then just be in another folder somewhere.

     

    As I don't quite get what you mean, I'm not sure how to help - but you could start out by searching the entire HD for folders and files named like the databases. They're stored in diskw\usr\local\mysql\data\ in the UniServer folder.

     

    It sounds highly unreasonable to me that your databases should have gone missing one by one from a running MySQL unless it's compromised somehow. It's just... unheard of.. well maybe not, but it doesn't sound very likely. Have you checked the windows logs to see if any reports were made of corruption? And the Apache logs to se if anyone from the outside hit it on port 80?

     

     

    To secure MySQL properly, I'll just repeat the steps:

    1) Change the root account's password (and update the various related files/scripts). Or one-up it, and change the root users name too.

    2) Block MySQL from accessing anything but localhost/127.0.0.1 - or block port 3306 from anything but localhost/127.0.0.1, same result.

    3) As you say yourself, have each script use its own DB with own privileged-only user.

     

     

    And between phpMyBackupPro and the Windows Scheduler, you can even automate it... :)

  4. First of all, change the root password of MySQL. That's the safest.* Second, take regular exports of your complete database(s) or just the server - the phpMyBackupPro and phpMyAdmin easily accomplices this. Or do regular backups of the mysql folder (W:\usr\local\mysql) to be safe.

     

    * = To change it via phpMyAdmin goto PMA's front page, Privileges, look up user root, change pass.

     

    Same place you add users btw.

  5. Sure does.

     

    Please edit that post again ASAP; if this is write access to FTP, someone could hack your system very very quickly by uploading a script (if this is in the webroot at all).

     

    [edit] I removed the addres. But it certainly works -

    File: addClan.php 1 KB 10-01-2006 14:11:00

    File: addTourneystaff.php 2 KB 10-01-2006 14:11:00

    File: add_Clan.php 3 KB 10-01-2006 14:11:00

    File: add_Tourneystaff.php 2 KB 10-01-2006 14:11:00

    File: allmedals.php 1 KB 10-01-2006 14:11:00

    - need I say more... :(

  6. And port forward that port number, yes. If your FTP uses port 8884, forward that one. 21 is just what is default for FTP servics, like the webserver it can be on any port - it just makes it harder to find (which, IMHO, is a good thing for an FTP :( ).

  7. OK, didn't mean to confuse. But didn't you route port 81 thru to your server to have it work from the outside at some point?

     

    There's a different procedure for each and every router make and model out there, so I can't tell you what to click, not even if I knew who your ISP is, what their policies are and what equipment you use. These things you ned to find out first (well I don't care about the ISP's name, but their policies are very important if they block stuff in their network).

     

    Usually you connect to the router via a web interface or Telnet, see the routers manual for details on how to let a service/port pass thru. It's usually done by defining port to forward and IP to forward it to. You get your pc's local IP number by going to a DOS prompt and running "ipconfig".

  8. Well, just like you need to have port 80 routed thru to your pc for uniserver to work from the outside, so do you need to route port 21 thru for FTP (if your FTP is using port 21, that is). No difference in procedure - however you opened port 80, do the same for your ftp port.

  9. Please be more specific when reporting, always give exact apache, mysql and php versions so we're sure that we're talking about the same thing.

     

    I *think* the dll isn't needed for php5, but I'm not sure.

  10. About many problems, hmmm... don't we all...

     

    About the first, see the many topics on the same subject around this forum. You need to forward port 80 from router to webserver, and remove the "deny from all, allow from 127.0.0.1" in the default .htaccess in w:\www\ to make it work.

     

    About invalid IP, uhmm... I didn't quite get that explanation. php-files where? And does editing the .htaccess change this?

  11. it diverts to my router login
    Do you mean to the routers web admin interface? It really shouldn't - that could mean the router is open on port 80 (and thus taking over port 80 itself). A routers admininterface should never be generally open to the net.
×
×
  • Create New...