A username leak on DirectAdmin servers through phpMyAdmin logs was recently discovered. Here we will guide you through the security update that protects your server against this vulnerability.
To test your server, open the following link in a browser (replace domain.com with a real domain name from your server):
If your server is affected by the vulnerability, you'll see a listing of log files, which might contain sensitive information such as usernames and IPs.
Create custom file:
touch /etc/httpd/conf/extra/httpd-custom-poralix.conf
Open the newly created file in a text editor with the following command:
vi /etc/httpd/conf/extra/httpd-custom-poralix.conf
Add content:
<Directory "/var/www/html">
    Options -Indexes
</Directory>
<Directory "/var/www/html/*/log">
    Deny from all
</Directory>
<Directory "/var/www/html/*/sql">
    Deny from all
</Directory>
Save and exit the text editor.
Include the custom file into the running configuration:
echo "Include /etc/httpd/conf/extra/httpd-custom-poralix.conf" | tee -a "/etc/httpd/conf/extra/httpd-includes.conf"
And restart Apache:
service httpd restart
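The steps above as one re-runnable script, added here as an example and not part of the original guide: it checks the custom file, appends the Include line only once, and runs Apache's syntax test (httpd -t) before restarting. The function names are hypothetical, and it assumes httpd and service are on root's PATH.

```shell
#!/bin/sh
# Added example: apply the steps above safely. Function names are hypothetical.
CUSTOM_CONF="/etc/httpd/conf/extra/httpd-custom-poralix.conf"
INCLUDES_CONF="/etc/httpd/conf/extra/httpd-includes.conf"

# Return 0 only if the custom file carries every directive from the steps above.
check_custom_conf() {
    for want in 'Options -Indexes' 'Deny from all' \
        '<Directory "/var/www/html/*/log">' '<Directory "/var/www/html/*/sql">'; do
        grep -qF -- "$want" "$1" || { echo "missing in $1: $want" >&2; return 1; }
    done
}

# Append "Include <custom>" to <includes> unless it is already there.
# Prints "added" or "present"; an existing line with trailing spaces counts.
add_include_once() {
    custom=$1; includes=$2; line="Include $custom"
    [ -f "$custom" ] && [ -f "$includes" ] || { echo "missing file" >&2; return 1; }
    if awk -v l="$line" '{ sub(/[ \t]+$/, ""); if ($0 == l) f = 1 } END { exit !f }' \
        "$includes"; then
        echo "present"
    else
        cp -p "$includes" "$includes.bak" &&
            printf '%s\n' "$line" >> "$includes" && echo "added"
    fi
}

# Full procedure: verify, include once, syntax-check, then restart.
# If the syntax check fails after a fresh append, the backup is restored.
apply_fix() {
    check_custom_conf "$CUSTOM_CONF" || return 1
    state=$(add_include_once "$CUSTOM_CONF" "$INCLUDES_CONF") || return 1
    if httpd -t; then
        service httpd restart
    else
        echo "httpd -t failed; Apache not restarted" >&2
        if [ "$state" = "added" ]; then mv "$INCLUDES_CONF.bak" "$INCLUDES_CONF"; fi
        return 1
    fi
}

# Run as root with --apply to execute against the live paths.
if [ "${1:-}" = "--apply" ]; then apply_fix; fi
```

Without --apply the script only defines the functions, so add_include_once and check_custom_conf can be tried against copies of the two files first.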
Have a nice day!