13th June 2009, 20:17
|
|
HowtoForge Supporter
|
|
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
|
|
Can't login to phpmyadmin (possibly related to a phpMyAdmin vulnerability)
Hi,
For some reason my server crashed. When I brought it back up I found no real problems or inconsistencies, but when tried to visit phpmyadmin I get:
1045 - Access denied for user 'root'@'localhost' (using password: NO)
Invalid hostname for server 1. Please review your configuration.
Any way to solve this?
|
13th June 2009, 21:24
|
|
HowtoForge Supporter
|
|
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
|
|
By the way, this shows everytime, i can't even try to login, it happens as soon as i open phpmyadmin.
|
14th June 2009, 10:31
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
|
|
Make sure that you close all browser windows and then open the browser again before you connect to phpmyadmin.
|
16th June 2009, 19:53
|
|
Senior Member
|
|
Join Date: Apr 2009
Posts: 245
Thanks: 32
Thanked 6 Times in 5 Posts
|
|
I have exactly the same problem.
It appeared out of nowhere, maybe after I did an update.
I tried what you suggested, but it seems clear that this is a server problem.
|
16th June 2009, 20:00
|
|
HowtoForge Supporter
|
|
Join Date: Mar 2009
Posts: 63
Thanks: 11
Thanked 3 Times in 3 Posts
|
|
No workieworkie - workaround provided
exactly, manarak!
Anyway, what I did as a workaround was:
- Edit /var/lib/phpmyadmin/config.inc.php;
- Change the option value 'config' to 'cookie'.
I'm still getting the error "Invalid hostname for server 1. Please review your configuration." but at least I can login again.
|
16th June 2009, 20:05
|
|
Senior Member
|
|
Join Date: Apr 2009
Posts: 245
Thanks: 32
Thanked 6 Times in 5 Posts
|
|
cool, thanks - it would still be interesting to find out what broke phpmyadmin though.
|
16th June 2009, 21:57
|
|
Senior Member
|
|
Join Date: Apr 2009
Posts: 245
Thanks: 32
Thanked 6 Times in 5 Posts
|
|
ok, it looks like the config file was changed, the hostname is commented out and there is a phpinfo(); in its place.
that could be an injection attack ?
is there a known vulnerability?
|
16th June 2009, 22:00
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
|
|
Quote:
|
is there a known vulnerability?
|
Which software do you mean? ISPConfig or phpmyadmin? In ISPConfig there are no known vulnerabilities.
Which config file was changed?
|
16th June 2009, 22:01
|
|
Senior Member
|
|
Join Date: Apr 2009
Posts: 245
Thanks: 32
Thanked 6 Times in 5 Posts
|
|
Last edited by manarak; 16th June 2009 at 22:04.
|
16th June 2009, 22:03
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
|
|
Make sure that you install all available debian updates. phpmyadmin is part of debian and not part of ispconfig.
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +2. The time now is 08:27.
|
|
English | 
Deutsch
voidzero
Recent comments
16 hours 1 min ago
17 hours 1 min ago
20 hours 48 min ago
22 hours 2 min ago
1 day 1 hour ago
1 day 8 hours ago
1 day 17 hours ago
1 day 19 hours ago
2 days 10 hours ago
2 days 12 hours ago