Remove (or hide) PHPmyAdmin

hip · August 28, 2022, 3:32pm

Hello.
I’m having an increasingly number of visits to mydomain.com/phpmyadmin what seems quite suspicious specially when I don’t use it and didn’t even know it existed in my Hestia installation.

Is there a way to ‘turn it off’, uninstall it or reinforce security for that issue? T.I.A.

eris · August 28, 2022, 4:39pm

Option 1 change end point via Configure Server → DB → DB Alias

Option 2: rename /etc/apache2/conf.d/phpmyadmin.inc to phpmyadmin.inc2 and add a IncludeOptional /etc/apache2/conf.d/*.inc2. to a renamed template

hip · August 28, 2022, 4:44pm

I’ll give it a try and reply. BIG thank you!

hip · August 28, 2022, 5:12pm

I’ve just used the alias solution for now. If after a while I can see any accesses in the visits statistics I’ll start to worry and apply option #2.

Thank you for such a good product and superb assistance. Have a nice day & week!

BTW, I don’t care but browsing to PHPmyAdmin from the panel link button takes me to IP/phpmyadmialias what (obvoiously?) gets a 404 page not found error. I still can access PMA via mydomain/phpmyadmialias, so not a problem as such .

eris · August 28, 2022, 5:20pm

ip/phpmyamin/ means also no ssl encryption so you send passwords in plain text over the internet

Via https://host.name/phpmyadmin at least ssl is enabled.

Ideally we should create new template that is for the hostname and for the rest disable /phpmyadmin/ and phpgadmin/ for all normal domains

hip · August 28, 2022, 5:58pm

Thank you again. I have both the Hestia panel and the site domain to be browsed under https. I thought they were under SSL. Sorry, but my knowledge is quite limited. I believe then there’s no SSL. I’ll double check it as soon as I have a minute.

On the other hand I haven’t worked with Hestia templates yet. One more minute to my TODOs list.

Thank you for your help and sorry about the annoyance. I’ll try to learn further… or ask for professional help.

Have a nice day!

anthonyrabot · September 2, 2022, 9:41pm

Hi Hip,

I noticed the same attempts recently and chose to ban IPs via failtoban as a first step.

A rule already exists in /etc/fail2ban/filter.d/phpmyadmin-syslog.conf with the following regex failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) $mysql-denied$ from <HOST>\s*$

So I added a section to apply the filter in jail file /etc/fail2ban/jail.local. The advantage I see is that IPs trying to connect are banned and won’t be able to try to attack another service.

[phpmyadmin-syslog]
enabled = true
filter = phpmyadmin-syslog
logpath = /var/log/auth.log
maxretry = 1
findtime = 3600
bantime = 14400

Hopefully this solution will help others

system · October 2, 2022, 9:42pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.