Your server, FreeBSD, Apache, php.
The site offers both over http and https. Bolted phpMyAdmin, here is the excerpt from httpd.conf
Alias /myadmin "/usr/local/www/sites/phpMyAdmin/"
<Directory "/usr/local/www/sites/phpMyAdmin/">
Options none
AllowOverride Limit
Order Deny,Allow
Deny from all
Allow from all
Noticed that someone goes through all popular addresses, hoping to stumble on phpMyAdmin
error.log:
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpmyadmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/phpMyAdmin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/db
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/web
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/PMA
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/admin
[error] [client 72.95.223.67] File does not exist: /usr/local/www/sites/data/mysql
And as a result he still stumbles to the correct address.
As the most simple (I'm a novice in these matters)
to protect themselves from such a bust, or at least make them unsuccessful?There is an idea to close the http access address
mysite.ru/myadminthat would have opened only https (no redirects), but how to do it too, don't know yet.
What to do advise?
Thank you in advance.