"7. Secure MySQL by only allowing root logins from a
few management systems and not from localhost.
"This one sounds a bit strange, but by doing this it makes it
very hard for someone to root your mysql if all they have is a user
account on your LAMP server (hopefully some of you can see the
"Say for example all your admins sit behind a nat box that has
the ip 126.96.36.199 then the commands for mysql to lock it down
would be like this : update user set host = '188.8.131.52' where
user="root"; that will leave the root passwords intact and only
allow logins from a single management IP, but NOT localhost."