There are a couple of ways I lock it down. I won't go into the specifics of my own setup because I don't want you (yes, you!) going looking for it, but I can't count the number of times I've seen an old phpMyAdmin install just sitting on someone's server under its default path, waiting for someone to guess the right username and password and ruin your day. The default paths are exactly what automated scanners sweep for, so an exposed install gets found whether or not anyone is targeting you specifically. The following are a couple of good-practice ways to lock it down so you don't lose sleep wondering whether someone is going to get in easily.
Rename your phpmyadmin alias:
Edit: /etc/httpd/conf.d/phpmyadmin.conf
Look for:
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
Alias /phpMyadmin /usr/share/phpmyadmin
(or something like that…)
and replace all of them with a single alias under a name nobody will guess, something like:
Alias /supersecret456 /usr/share/phpmyadmin
Pick something long and random rather than "admin" or "db". Be clear about what this buys you: it takes you out of the scanner sweeps that hammer /phpmyadmin, but it is hiding, not access control. Anyone who learns the path (a leaked link, a browser history, a referrer header) is right back at the login form, which is why the next step matters more.
Restrict access to your known ip address:
Edit the same file, /etc/httpd/conf.d/phpmyadmin.conf
At the top of the file you’ll see something like:
<Directory "/usr/share/phpmyadmin">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
</Directory>
Modify it to only allow the ip addresses that you’ll connect from:
<Directory "/usr/share/phpmyadmin">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 70.100.100.100
    Allow from 70.200.200.200
</Directory>
Restart Apache (service httpd restart on RHEL/CentOS) and test it: the old /phpmyadmin paths should now return 404, the new path should load from one of the listed addresses, and it should return 403 from anywhere else. A few caveats. Order/Deny/Allow is Apache 2.2 syntax; on Apache 2.4 the equivalent is a single line, Require ip 127.0.0.1 70.100.100.100 70.200.200.200, and you should not mix the two styles in one Directory block. The allow-list only works if the addresses you connect from are static; if they change, an SSH tunnel to the server (then browsing through 127.0.0.1) is the usual answer. And if the server sits behind a reverse proxy or CDN, Apache sees the proxy's address, not yours, so the list is meaningless until the real client IP is restored (mod_remoteip on 2.4).
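To check that a config actually has both fixes applied, here is a small audit script, added as an example and not part of the original post. It reads an httpd phpMyAdmin config and flags the two weaknesses covered above (a default alias and an access rule that admits every client), understanding both the 2.2 syntax shown in the post and the 2.4 Require syntax. The sample config files it writes are constructed for the demonstration; the file name /etc/httpd/conf.d/phpmyadmin.conf and the IP addresses are the post's own, the function name is mine.

```shell
#!/bin/bash
# Added example, not code from the original post. Audit an httpd phpMyAdmin
# config for a guessable Alias and for an access rule that lets everyone in.
# Prints one line per finding; returns 0 if the file looks locked down, 1 otherwise.
audit_pma_conf() {
    local conf="$1" findings=0

    # Default aliases (/phpmyadmin, /phpMyAdmin, ...) are what scanners probe for.
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin([[:space:]]|$)' "$conf"; then
        echo "WEAK: default alias exposes phpMyAdmin under a guessable path"
        findings=$((findings + 1))
    fi

    # Apache 2.2: "Allow from all" undoes the "Deny from all" above it.
    if grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+all([[:space:]]|$)' "$conf"; then
        echo "WEAK: 'Allow from all' opens the directory to every client (2.2 syntax)"
        findings=$((findings + 1))
    fi

    # Apache 2.4: "Require all granted" is the equivalent hole.
    if grep -Eiq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' "$conf"; then
        echo "WEAK: 'Require all granted' opens the directory to every client (2.4 syntax)"
        findings=$((findings + 1))
    fi

    # No restriction at all: neither a 2.2 deny-by-default nor any 2.4 Require rule.
    if ! grep -Eiq '^[[:space:]]*(Deny[[:space:]]+from[[:space:]]+all|Require[[:space:]])' "$conf"; then
        echo "WEAK: no access restriction found; add an IP allow-list"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample configs (not real server files) to exercise the audit.
tmpd="$(mktemp -d)"
cat > "$tmpd/weak.conf" <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /phpMyAdmin /usr/share/phpmyadmin
<Directory "/usr/share/phpmyadmin">
    Order Deny,Allow
    Deny from all
    Allow from all
</Directory>
EOF
cat > "$tmpd/hardened.conf" <<'EOF'
Alias /supersecret456 /usr/share/phpmyadmin
<Directory "/usr/share/phpmyadmin">
    # Apache 2.4 form of the post's allow-list
    Require ip 127.0.0.1 70.100.100.100 70.200.200.200
</Directory>
EOF

for f in weak hardened; do
    echo "== $f.conf =="
    if audit_pma_conf "$tmpd/$f.conf"; then
        echo "OK: locked down"
    fi
done
rm -rf "$tmpd"
```

Run it against /etc/httpd/conf.d/phpmyadmin.conf by calling audit_pma_conf on that path; a zero exit status means neither the alias nor the access rule looks like a default, which is a cheap check to drop into a post-install script so the install can't quietly drift back to open.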
Great tip and guide! It is amazing how many people just leave their server completely open and vulnerable. It is hard to find an unsecured wireless hotspot but you can gain access to an unsecured server almost effortlessly. Doesn’t make much sense, does it? I hope everyone reading this that has a server follows this guide.
I agree with you completely. It doesn’t make sense to me either. Like they say, “An ounce of prevention is worth a pound of cure.” And these days, that cure can be quite expensive! This article is quite clear and easy to follow. People are running out of excuses for why their servers are not secure.
Restricting access by ip address is a great way to lock those tools down. A great trick is to use an SSH tunnel/VPN to connect to the machine, or another machine within the same network. That way you can securely access your admin tools from anywhere, while limiting your allowed ip addresses to only one or two locations.
This is a good idea for keeping your phpMyAdmin locked down. I ran a server for a short while, and you can’t be sure if your access to the server is locked down or not. Most people that visit a website won’t really care about hacking it, but it only takes one person to make your day suck. Definitely bookmarking this for if I start another website.
Is it possible to lock access to any single database and not all in phpMyAdmin?