#1  
Old 17th July 2010, 06:38
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default Securing PHPmyadmin

Hello,

I was curious about a few things. I have read that phpmyadmin can be vulnerable to the www. I wanted to do 2 things.

1. Change the "phpmyadmin" folder to another name like "mysqlmanagement".

2. Create a .htaccess file with the following in it: "Allow from 127.0.0.1" so that only the local machine can access phpmyadmin.


Now renaming the folder was easy enough even for me I just have to manually type in the url which is fine. But I still thought I would ask if there is a simple way to change where the tools phpmyadmin links/points to?

My second question is about the htaccess file, I have tried putting the file in "/home/admispconfig/ispconfig/web/mysqlmanagement" and to no avail, is there a certain code I need to put in there since is on the main server and not a virtual site/client/reseller account?

Finally, is there a better way to secure it than what I'm trying to do?

Thanks in advance for your time,

Scott
Reply With Quote
Sponsored Links
  #2  
Old 17th July 2010, 12:17
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 212
Thanked 648 Times in 294 Posts
Send a message via Skype™ to Hans
Default

The best is to protect your phpMyAdmin configuration by installing a SSL-certicate, because then all the data from and to your phpMyAdmin will be encrypted.

If you don't plan to install a SSL-certicate, maybe this guide can help you.
__________________
Hans

BB-Hosting | Quality Web Hosting since 2005
Reply With Quote
  #3  
Old 18th July 2010, 14:18
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default

Hello Hans and thanks for the reply.

I do have a SSL certificate for the server already. The link you posted was about ISPConfig 3 and I checked my ISPConfig 2 files and phpmyadmin isnt in the folder the tutorial lists. I am a complete newb and cannot extrapolate the info from that tutorial and apply it to my own set up.


It could be that I am being too anal lol. Perhaps it is because I am new to Linux and reading every scrap of info I can trying to teach myself.


I had read several blogs and forums mentioning how phpmyadmin was vulnerable since hackers new the folder would be http://mysite.com/phpmyadmin

I figured I would try to go for the trifecta of secureness by:

a. Renaming my phpmyadmin folder to something insanely vague
b. Putting a htaccess file in there only allowing either my static IP or the local machine IP.
c. SSL Certificate

As I said, I am probably overreacting lol lack of knowledge can do that

Thanks again for the input Hans, I truly appreciate it.

Scott
Reply With Quote
  #4  
Old 18th July 2010, 18:57
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Quote:
Originally Posted by scottrill2 View Post
But I still thought I would ask if there is a simple way to change where the tools phpmyadmin links/points to?
You can change it under /home/admispconfig/ispconfig/web/tools/tools/phpmyadmin/nav.inc.php.

Quote:
Originally Posted by scottrill2 View Post
My second question is about the htaccess file, I have tried putting the file in "/home/admispconfig/ispconfig/web/mysqlmanagement" and to no avail, is there a certain code I need to put in there since is on the main server and not a virtual site/client/reseller account?
I guess you need to put the line
Code:
AllowOverride All
into the
Code:
<VirtualHost _default_:81>

#  General setup for the virtual host
DocumentRoot "/home/admispconfig/ispconfig/web"
ServerName xxx.xxx.com
ServerAdmin root@xxx.xxx.com
ErrorLog /root/ispconfig/httpd/logs/error_log
TransferLog /root/ispconfig/httpd/logs/access_log
</VirtualHost>
stanza at the end of /root/ispconfig/httpd/conf/httpd.conf. Restart ISPConfig afterwards.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

Last edited by falko; 19th July 2010 at 13:23.
Reply With Quote
  #5  
Old 19th July 2010, 02:13
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
Default Thanks!

Falko the nav.inc worked a treat sir Perfect indeed. Now on the second part, when I edited that file and tried restarting ISPConfig it gave me this:




syntax error on line 1231 of /root/ispconfig/httpd/conf/httpd.conf: AllowOverride not allowed here



Is there anything I might have screwed up on earlier that would block this?


Thanks as always,

Scott
Reply With Quote
  #6  
Old 19th July 2010, 13:25
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,740 Times in 2,575 Posts
Default

Try
Code:
<Directory /home/admispconfig/ispconfig/web>
  AllowOverride All
</Directory>
instead.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 22nd July 2010, 19:40
scottrill2 scottrill2 is offline
HowtoForge Supporter
 
Join Date: Dec 2009
Posts: 93
Thanks: 21
Thanked 2 Times in 1 Post
 
Default

Spot on perfect as always. Thank you sir.


Scott
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
phpmyadmin stops authenticating, mysql does fine isn General 2 8th January 2010 16:57
Phpmyadmin update error code 1? treavle Installation/Configuration 1 16th December 2009 13:35
phpMyAdmin goes PHP5 & MySQL5 Hans General 5 28th September 2008 20:46
phpmyadmin problem on ubuntu mail server virtual domains almeister9 HOWTO-Related Questions 1 19th September 2008 16:52
Securing phpmyadmin and phppgadmin tijn_tux Installation/Configuration 4 2nd January 2007 21:51


All times are GMT +2. The time now is 13:24.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.