Tonight I started working on an appendix for the MySQL book, which deals with PHPMyAdmin. So, to start with, obviously, I had to install it.
After installation, I realized that phpmyadmin was now wide open and available, and people could (in theory) start beating up on the web interface to try and guess passwords to the DB. Obviously that would be bad, so I decided to protect it behind some HTTP Authentication stuff.
So I go into a different virtual host, copy out the relevant sections to the clipboard, paste them into the PHPMyAdmin virtual host. I'm smart enough to remember to change the password file. I'm smart enough to remember to change the AuthName to something else. I'm even smart enough to remember to do an /etc/init.d/apache reload afterwards.
What I'm not, apparently, smart enough to do is notice that I copied and pasted the config from a WebDAV host, which didn't have limits on GET requests.
I spent far more time than should be permissible trying to figure out what I was doing wrong that the requests were not generating "enter your password here" dialogs.
Ugh. There's two hours of my life I won't get back.
You could do what I do.. I have a "private" section of the site and rewrite all requests to it that do not contain a certain query string into /dev/nul/
If you've ever locked yourself out of your main machine because you clicked the wrong button...then I won't feel like the only village idiot
I once thought it might be a good idea to:
/sbin/service sshd stop
It wasn't.
I've done 'ifconfig eth0 down' on a remote machine once..
took me 1/100th of a second after hitting 'return' to realize how dumb that was.
Someone should make a book detailing all the little mistakes people make when administering machines ;) It'd be a hilarious read
My favourite is still typing "shutdown -h now" and seeing the response "Connection closed by remote host".
Oops; just halted the _remote_ machine, not the local one...