I have noticed that there are strange requests to my website trying to find phpmyadmin, like
/phpmyadmin/
/pma/
etc.
Now I have installed PMA on Ubuntu via apt and would like to access it via a web address different from /phpmyadmin/. What can I do to change it?
Thanks
Update
For Ubuntu 9.10 and Apache2, the corresponding setting is located in the file /etc/apache2/conf.d/phpmyadmin.conf, which is a link to /etc/phpmyadmin/apache.conf. The file contains
Alias /phpmyadmin /usr/share/phpmyadmin
where the first /phpmyadmin should be changed to something different if one wants to avoid the unnecessary activity, e.g.:
Alias /secret /usr/share/phpmyadmin
Source: Tips4all
The biggest threat is that someone could use an exploit to read the plain text username/password in your PHP application configuration file and then Login using phpmyadmin or over tcp port 3306.
There are a few things you can do to stop this:
1) DO NOT ALLOW REMOTE ROOT LOGINS.
Instead you should use "Cookie Auth" to limit what user can access the system. If you need some root privileges, create a custom account that can add/drop/create but doesn't have "grant" or "file_priv". file_priv is really nasty because it can be used to read files or upload backdoors.
2) Put in an IP address restriction in your .htaccess for the phpmyadmin folder:
allow from 199.166.210.1
3) Do not have a predictable file location like: http://127.0.0.1/phpmyadmin. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this.
4) Firewall off tcp port 3306.
5) Use HTTPS, otherwise data and passwords can be leaked to an attacker. If you don't want to fork out the $30 for a cert, then use a self-signed. You'll accept it once, and even if it was changed due to a MITM you'll be notified.
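An added example, not part of the original question update or of this answer: a POSIX shell script that renders the hardening steps listed above (the non-default Alias from the question's update, the IP allow-list, TLS-only access, a MySQL account without GRANT OPTION or FILE, and firewalling 3306) and audits an Apache conf for a still-exposed default path. The Ubuntu package paths are real; the alias name /secret, the client address 199.166.210.1 (taken from the answer), and the database, account and password values are assumptions to be replaced.

```shell
#!/bin/sh
# Added example (not from the original thread). Renders the hardening steps
# from the answer as review-able artifacts; nothing is applied automatically.
# Assumptions: Ubuntu package paths, Apache 2.2 syntax (as on Ubuntu 9.10),
# alias /secret, client 199.166.210.1, db/user names are placeholders.

# Apache config: phpMyAdmin under a non-default path, reachable from one
# address only, over TLS only, with the well-known names answered by 403.
pma_apache_conf() {
    alias_path="$1"      # e.g. /secret  (assumed name)
    allowed_ip="$2"      # e.g. 199.166.210.1 (from the answer)
    cat <<EOF
Alias $alias_path /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
    DirectoryIndex index.php
    # Apache 2.2 access control; on Apache 2.4 use: Require ip $allowed_ip
    Order deny,allow
    Deny from all
    Allow from $allowed_ip
    # Refuse plain HTTP so the MySQL password never crosses the wire in clear
    SSLRequireSSL
</Directory>

# Scanners (Nessus/Nikto/w3af) probe these names; return 403 instead of the app
RedirectMatch 403 ^/(phpmyadmin|phpMyAdmin|pma|myadmin)(/.*)?$
EOF
}

# SQL for a limited phpMyAdmin account: no GRANT OPTION and no FILE privilege
# (FILE allows LOAD DATA / SELECT ... INTO OUTFILE, i.e. reading files or
# dropping a web shell into the document root). Values are placeholders.
pma_mysql_grants() {
    db="$1"; user="$2"; host="$3"; pass="$4"
    cat <<EOF
CREATE USER '$user'@'$host' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER
    ON $db.* TO '$user'@'$host';
FLUSH PRIVILEGES;
EOF
}

# Firewall: MySQL reachable on loopback only (phpMyAdmin runs on the same box).
pma_firewall_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport 3306 -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
EOF
}

# Audit: returns 0 if the conf maps no well-known phpMyAdmin path,
# 1 (and prints the offending Alias line) if it still does.
pma_conf_exposes_default() {
    conf="$1"
    ! grep -Ei '^[[:space:]]*Alias[[:space:]]+/(phpmyadmin|pma|myadmin)([[:space:]]|$)' "$conf"
}

# Demo: PMA_DEMO=1 sh harden_pma.sh  prints the three artifacts for review.
if [ "${PMA_DEMO:-}" = 1 ]; then
    pma_apache_conf /secret 199.166.210.1
    pma_mysql_grants app pma_admin localhost 'change-me'
    pma_firewall_rules
fi
```

Typical use on the Ubuntu layout from the question's update: write the rendered Apache block to /etc/phpmyadmin/apache.conf (the target of the conf.d symlink), reload Apache, then run pma_conf_exposes_default against every file under /etc/apache2 to confirm no other vhost still carries the old Alias. The RedirectMatch line is what turns the scanner noise from the question into plain 403s without revealing where the application actually lives.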
Most likely, somewhere on your webserver will be an Alias directive like this:
Alias /phpmyadmin "c:/wamp/apps/phpmyadmin3.1.3.1/"
In my wampserver / localhost setup, it was in c:/wamp/alias/phpmyadmin.conf.
Just change the alias directive and you should be good to go.
The simplest approach would be to edit the webserver, most likely an Apache2 installation, configuration and give phpmyadmin a different name.
A second approach would be to limit the IP addresses from where phpmyadmin may be accessed (e.g. only local LAN or localhost).