Comments on Protect phpMyAdmin On An ISPConfig 3 Server (Debian)

With this small howto I explain how to protect the phpMyAdmin installation on your Debian server with ISPConfig 3 against hack attempts as much as possible. I assume that you already have an ISPConfig 3 server running on Debian, which has been set up according to this howto, and that phpMyAdmin has been installed from the Debian repository into the directory /usr/share/phpmyadmin. With this default setup you can access phpMyAdmin via http://www.anywebsiteonyourserver.tld/phpmyadmin, which we're going to change for security reasons.

8 Comment(s)


Comments

By:

Quick and slick, well done Hans!

By:

Do you have or know instructions for protecting phpMyAdmin on an ISPConfig 3 server with CentOS 5.4?

Thanks

By: Bruno F

Reading a bit more documentation on Apache, you would find that you can use auth mysql directly:

https://www.howtoforge.com/mod_auth_mysql_apache2_debian

so you have only one database of users and logins ...

So the most secure way is anyway to have an https server used to hide login & password.

Try to be imaginative with the alias technique, as bots try a lot of aliases like myadmin, db, etc.

By: Geno

This works for Ubuntu 11.10 and should work for most other Linux flavors as well.

Highly recommended tweak.

Thank you for making this.

By: Anonymous
By: Chris

How would you change it so the login to phpmyadmin would be a https site?

By: quaz22

Hello.

On Debian 8 this tutorial is not working.

My: /etc/apache2/conf-available/phpmyadmin.conf

 

    # phpMyAdmin default Apache configuration
    Alias /phpmyadmin /usr/share/phpmyadmin
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            <IfModule mod_mime.c>
                AddType application/x-httpd-php .php
            </IfModule>
            <FilesMatch ".+\.php$">
                SetHandler application/x-httpd-php
            </FilesMatch>
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/:/usr/share/php/tcpdf/
        </IfModule>
    </Directory>
    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authz_core.c>
            <IfModule mod_authn_file.c>
                AuthType Basic
                AuthName "phpMyAdmin Setup"
                AuthUserFile /etc/phpmyadmin/htpasswd.setup
            </IfModule>
            Require valid-user
        </IfModule>
    </Directory>
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Require all denied
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Require all denied
    </Directory>

By: Vagner

For me it works very well! Thank you!

But, I had to modify the link

From: /etc/apache2/conf.d/phpmyadmin.conf

To: /etc/apache2/conf-available/phpmyadmin.conf
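
An added example, not part of the howto or of any comment above: a small Python check that reads an Apache config like the Debian 8 file quoted in the thread and reports the two weaknesses discussed here, a guessable Alias name and a phpMyAdmin directory with no HTTP authentication of its own. The sample config is constructed (trimmed from the quoted file), and the names `audit`, `GUESSABLE` and `SAMPLE_CONF` are this example's own.

```python
import re

# Alias names mentioned on this page: the default plus the ones a commenter says bots try.
GUESSABLE = {"phpmyadmin", "myadmin", "db"}

# Constructed sample, trimmed from the Debian 8 default config quoted above.
SAMPLE_CONF = """\
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
</Directory>
<Directory /usr/share/phpmyadmin/setup>
    AuthType Basic
    AuthUserFile /etc/phpmyadmin/htpasswd.setup
    Require valid-user
</Directory>
"""

COMMENT_RE = re.compile(r"^\s*#.*$", re.M)
ALIAS_RE = re.compile(r"^\s*Alias\s+(\S+)\s+(\S+)", re.I | re.M)
DIR_RE = re.compile(r'<Directory\s+"?([^">]+)"?>(.*?)</Directory>', re.I | re.S)
AUTHTYPE_RE = re.compile(r"^\s*AuthType\b", re.I | re.M)
REQUIRE_RE = re.compile(r"^\s*Require\s+(valid-user|user|group)\b", re.I | re.M)

def audit(conf):
    """Return findings for guessable Alias names and alias targets without auth."""
    conf = COMMENT_RE.sub("", conf)
    # Map each <Directory> path to the text of its block.
    blocks = {path.rstrip("/"): body for path, body in DIR_RE.findall(conf)}
    findings = []
    for url, target in ALIAS_RE.findall(conf):
        if url.strip("/").lower() in GUESSABLE:
            findings.append(f"guessable alias: {url}")
        body = blocks.get(target.strip('"').rstrip("/"), "")
        # Only auth on the alias target's own block counts; auth on setup/ does not.
        if not (AUTHTYPE_RE.search(body) and REQUIRE_RE.search(body)):
            findings.append(f"no HTTP auth on {target}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

The check looks only at the `<Directory>` block whose path equals the alias target, so authentication inherited from a parent directory or set in a vhost is not detected and has to be reviewed by hand.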