I have server running in the Internet, there is php-program which is used by a little company. I have made .htaccess files to public_html and the php-program folder. Also I have robots.txt to ignore bots.

In php-program folder I have .htaccess file which looks like:

IndexIgnore *
<Limit GET POST>
order deny,allow
deny from all
allow from company-IP
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName website domain

I also have in php-program folder a login file, where company log in to php-program. It is based to mysql databases, and it is protected md5 and mysql username and password is 10 characters mixed by symbols, numbers and upper/lower fonts.

One spamming spider bot is visiting directly in my php-program folder. And error messages what I get looks like:

/php-program/msgbook.php
Http Code: 404Date: Jun 09 07:29:35Http Version: HTTP/1.0Size in Bytes: -
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

or another

/php-program/removemsg.php?id=32
Http Code: 404Date: Jun 09 07:25:35Http Version: HTTP/1.0Size in Bytes: -
Referer: -
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

About an hour ago my client did visit those same paths and remove that message which id is 32. I dont know how that bot get those same paths.

That bot get 404 error message, but is he able to hack my mysql databases or read my information another way and is this secure allthought?

Thank you!

(sry for bad english)

[edited by: Rafa at 6:50 am (utc) on June 9, 2009]