Phpmyadmin - htaccess Password protection

Discussion in 'Installation/Configuration' started by fathertime, Feb 4, 2010.

  1. fathertime

    fathertime New Member

    Is there a way to password protect the phpmyadmin, even by using just the standard process to make a password protected directory?


    I don't feel like the server is secured while this is open. I was hoping to add another layer of security to the databases instead of the username/password of phpmyadmin. The link to the phpmyadmin installation is not in /var and I can't get the htpasswd/htaccess combo to work. Maybe I need to chmod?

    Thank you, in advance.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    What is the exact problem? You created the .htaccess and .htpasswd files in the phpmyadmin directory and it is not working? Which error messages do you get then?
  3. fathertime

    fathertime New Member

    Debian Lenny/Ispconfig 3 Perfrect server setup.

    When I go to one of the sites that I have set up via IspConfig3, and add the subdomain "phpmyadmin" it resolves to the phpmyadmin login page. But, there is no folder in /var/www/ for phpmyadmin. I tried to load .htaccess and .htpasswd at /usr/share/phpmyadmin. It didn't work.

    Am I in the wrong place?

    Thank you for responding.
  4. fathertime

    fathertime New Member

    Never got phpmyadmin protected.

    Now they are hacking me.

    I could never get the htaccess to work for me in the shared folder.

    What to do? What to do?
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    And why do you think that someone is hacking you? If you dont provide more information, nobody is able to help you.

    Have you installed all debian lenny updates?
  6. fathertime

    fathertime New Member

    Still watching the logs.

    Thanks Till,

    I am still watching the apache logs. They are going right for the phpmyadmin and mail folders, but they are using several variations of urls (not exact nor specific). I've been blocking ips individually, but they can change ips fairly easily, which is why I'd like to block via htaccess.

    I don't know why I can't use htaccess in the shared folder of phpmyadmin.

    I just went back and reviewed my access.log - error.log files and they have been getting the 404. So, I did panic a bit much. The attacks are coming from Asia and Latin America.

    What scares me is: I don't remember installing open office. I used the Lenny/Ispconfig3 Perfect server setup. I see it in the /etc folder. Am I just paranoid?
    UPDATE: The OpenOffice folder is for a dictionary/spell check, it's not the full version.

    Thanks Till.
    Last edited: Apr 8, 2010

Share This Page