I have a classifieds website...
As you might imagine, as a webmaster (administrator) I need to sometimes remove classifieds, edit them etc etc.
I have my own Linux server, with root access offcourse.
Currently I have a section of my website with all administrative php scripts which I use to remove classifieds, edit them etc:
/www/adm/ //Location of administrative tools
This section above is protected today by a simple authentication using apache2.conf file:
<Directory /var/www/adm>
AuthType Basic
AuthName "Adm"
AuthUserFile /path/to/password
Require user username
</Directory>
My question is, is this enough to prevent outsiders access to my administrative tools?
Because it would be devastating if somebody with the wrong intentions got their hands on these tools. They would be able to delete all records from my databases... I do have backups, but it would mean tons of work...
What is usually done in cases like this?
Only thing I can think of is upload the administrative scripts whenever I plan on using them, and then remove them from the server after using them.
Other information which may help you decide what solution I should use:
- I manage the website and server from only one and same computer
- The IP adress is dynamic of that computer
- I use secure ftp transfers of files to server
- The administrative tools are PHP codes which communicate with the databases
- I have IPTables firewall setup to only allow connections to database from my own server/website.
- I backup all files every day
Thanks