Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 13th June 2009, 20:17
voidzero voidzero is offline
HowtoForge Supporter
 
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
Default Can't login to phpmyadmin (possibly related to a phpMyAdmin vulnerability)

Hi,

For some reason my server crashed. When I brought it back up I found no real problems or inconsistencies, but when tried to visit phpmyadmin I get:

1045 - Access denied for user 'root'@'localhost' (using password: NO)
Invalid hostname for server 1. Please review your configuration.

Any way to solve this?
Reply With Quote
Sponsored Links
  #2  
Old 13th June 2009, 21:24
voidzero voidzero is offline
HowtoForge Supporter
 
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
Default

By the way, this shows everytime, i can't even try to login, it happens as soon as i open phpmyadmin.
Reply With Quote
  #3  
Old 14th June 2009, 10:31
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Make sure that you close all browser windows and then open the browser again before you connect to phpmyadmin.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #4  
Old 16th June 2009, 19:53
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts
Default

I have exactly the same problem.

It appeared out of nowhere, maybe after I did an update.

I tried what you suggested, but it seems clear that this is a server problem.
Reply With Quote
  #5  
Old 16th June 2009, 20:00
voidzero voidzero is offline
HowtoForge Supporter
 
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
Thumbs down No workieworkie - workaround provided

exactly, manarak!

Anyway, what I did as a workaround was:
  1. Edit /var/lib/phpmyadmin/config.inc.php;
  2. Change the option value 'config' to 'cookie'.

I'm still getting the error "Invalid hostname for server 1. Please review your configuration." but at least I can login again.
Reply With Quote
  #6  
Old 16th June 2009, 20:05
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts
Default

cool, thanks - it would still be interesting to find out what broke phpmyadmin though.
Reply With Quote
  #7  
Old 16th June 2009, 21:57
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts
Default

ok, it looks like the config file was changed, the hostname is commented out and there is a phpinfo(); in its place.

that could be an injection attack ?

is there a known vulnerability?
Reply With Quote
  #8  
Old 16th June 2009, 22:00
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
Default

Quote:
is there a known vulnerability?
Which software do you mean? ISPConfig or phpmyadmin? In ISPConfig there are no known vulnerabilities.

Which config file was changed?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 16th June 2009, 22:01
manarak manarak is offline
Senior Member
 
Join Date: Apr 2009
Posts: 263
Thanks: 32
Thanked 6 Times in 5 Posts
Default

yes there is:

http://www.gnucitizen.org/blog/cve-2...of-of-concept/

we have been injected !!

Last edited by manarak; 16th June 2009 at 22:04.
Reply With Quote
  #10  
Old 16th June 2009, 22:03
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,421
Thanks: 834
Thanked 5,499 Times in 4,328 Posts
 
Default

Make sure that you install all available debian updates. phpmyadmin is part of debian and not part of ispconfig.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Webmail problems with only one domain? compner Installation/Configuration 14 16th February 2010 16:59
Centos 5.2 + ISPConfig 3 tutorial - Problem with email tanakskool Server Operation 1 3rd June 2009 16:22
PHPmyadmin login and pasword ? specon Installation/Configuration 2 26th April 2008 12:31
dovecot problem sojic Server Operation 21 23rd March 2008 18:22
Unable to authenticate to SMTP server ashkev Installation/Configuration 15 6th February 2007 17:46


All times are GMT +2. The time now is 02:17.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.