Securing PHPmyadmin
17th July 2010, 06:38
I was curious about a few things. I have read that phpmyadmin can be vulnerable to the www. I wanted to do 2 things.
1. Change the "phpmyadmin" folder to another name like "mysqlmanagement".
2. Create a .htaccess file with the following in it: "Allow from 127.0.0.1" so that only the local machine can access phpmyadmin.
Now renaming the folder was easy enough even for me :) I just have to manually type in the url which is fine. But I still thought I would ask if there is a simple way to change where the tools phpmyadmin links/points to?
My second question is about the htaccess file. I have tried putting the file in "/home/admispconfig/ispconfig/web/mysqlmanagement", to no avail. Is there a certain code I need to put in there since it is on the main server and not a virtual site/client/reseller account?
Finally, is there a better way to secure it than what I'm trying to do?
Thanks in advance for your time,
17th July 2010, 12:17
The best is to protect your phpMyAdmin configuration by installing an SSL certificate, because then all the data from and to your phpMyAdmin will be encrypted.
If you don't plan to install an SSL certificate, maybe this guide (http://www.howtoforge.com/protect-phpmyadmin-on-an-ispconfig-3-server-debian) can help you.
18th July 2010, 14:18
Hello Hans and thanks for the reply.
I do have an SSL certificate for the server already. The link you posted was about ISPConfig 3 and I checked my ISPConfig 2 files and phpmyadmin isn't in the folder the tutorial lists. I am a complete newb and cannot extrapolate the info from that tutorial and apply it to my own setup.
It could be that I am being too anal lol. Perhaps it is because I am new to Linux and reading every scrap of info I can trying to teach myself.
I had read several blogs and forums mentioning how phpmyadmin was vulnerable since hackers knew the folder would be http://mysite.com/phpmyadmin
I figured I would try to go for the trifecta of secureness by:
a. Renaming my phpmyadmin folder to something insanely vague
b. Putting a htaccess file in there only allowing either my static IP or the local machine IP.
c. SSL Certificate
As I said, I am probably overreacting lol lack of knowledge can do that :)
Thanks again for the input Hans, I truly appreciate it.
18th July 2010, 18:57
> But I still thought I would ask if there is a simple way to change where the tools phpmyadmin links/points to?
You can change it under /home/admispconfig/ispconfig/web/tools/tools/phpmyadmin/nav.inc.php.
> My second question is about the htaccess file, I have tried putting the file in "/home/admispconfig/ispconfig/web/mysqlmanagement" and to no avail, is there a certain code I need to put in there since is on the main server and not a virtual site/client/reseller account?
I guess you need to put the line
# General setup for the virtual host
stanza at the end of /root/ispconfig/httpd/conf/httpd.conf. Restart ISPConfig afterwards.
19th July 2010, 02:13
Falko, the nav.inc worked a treat, sir. Perfect indeed. Now on the second part, when I edited that file and tried restarting ISPConfig it gave me this:
syntax error on line 1231 of /root/ispconfig/httpd/conf/httpd.conf: AllowOverride not allowed here
Is there anything I might have screwed up on earlier that would block this?
Thanks as always,
19th July 2010, 13:25
22nd July 2010, 19:40
Spot on perfect as always. Thank you sir.
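
Added example, not part of the original thread and not the configuration posted in it: the one-line .htaccess from the first post beside a working localhost-only restriction for /root/ispconfig/httpd/conf/httpd.conf, with the reason for the "AllowOverride not allowed here" error noted in the comments. It assumes the Apache bundled with ISPConfig 2 uses the 2.2-style Order/Deny/Allow directives that the thread's "Allow from" line implies; the static IP is a constructed placeholder.

```apache
# --- Weak: a .htaccess that contains only this line ---
#   Allow from 127.0.0.1
# The default is "Order Deny,Allow", under which a request that matches no
# Deny directive is allowed. With no Deny line, this file blocks nobody.
# It is also ignored entirely unless the enclosing <Directory> block grants
# "AllowOverride Limit" (or All).

# --- Corrected: put the rules in httpd.conf itself ---
# AllowOverride is only valid inside a <Directory> section. At server level,
# or inside <Location>, <Files> or a .htaccess file, Apache refuses to start
# with "AllowOverride not allowed here".
<Directory "/home/admispconfig/ispconfig/web/mysqlmanagement">
    # Ignore any .htaccess in this folder; the rules below are authoritative.
    AllowOverride None

    # Deny is evaluated first, then Allow; a match on Allow wins.
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1

    # Constructed placeholder for the administrator's static IP
    # (203.0.113.0/24 is a documentation range); uncomment and replace.
    # Allow from 203.0.113.10
</Directory>

# To keep the rules in a .htaccess file instead, change the block above to
# "AllowOverride Limit" and move the Order/Deny/Allow lines into the file.
```

Restart ISPConfig after editing, as the thread describes, then request the renamed folder from a non-listed address and confirm the response is 403 Forbidden.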