I’m having an increasing number of visits to mydomain.com/phpmyadmin, which seems quite suspicious, especially when I don’t use it and didn’t even know it existed in my Hestia installation.
Is there a way to ‘turn it off’, uninstall it or reinforce security for that issue? T.I.A.
Option 1: change the endpoint via Configure Server → DB → DB Alias
Option 2: rename /etc/apache2/conf.d/phpmyadmin.inc to phpmyadmin.inc2 and add an IncludeOptional /etc/apache2/conf.d/*.inc2 to a renamed template
I’ll give it a try and reply. BIG thank you!
I’ve just used the alias solution for now. If after a while I can see any accesses in the visits statistics I’ll start to worry and apply option #2.
Thank you for such a good product and superb assistance. Have a nice day & week!
BTW, I don’t care, but browsing to phpMyAdmin from the panel link button takes me to IP/phpmyadmialias, which (obviously?) gets a 404 page not found error. I can still access PMA via mydomain/phpmyadmialias, so not a problem as such.
ip/phpmyadmin/ also means no SSL encryption, so you send passwords in plain text over the internet.
Via https://host.name/phpmyadmin at least SSL is enabled.
Ideally we should create a new template that is for the hostname, and for the rest disable /phpmyadmin/ and /phppgadmin/ for all normal domains.
Thank you again. I have both the Hestia panel and the site domain to be browsed under https. I thought they were under SSL. Sorry, but my knowledge is quite limited. I believe then there’s no SSL. I’ll double check it as soon as I have a minute.
On the other hand I haven’t worked with Hestia templates yet. One more minute to my TODOs list.
Thank you for your help and sorry about the annoyance. I’ll try to learn further… or ask for professional help.
Have a nice day!
I noticed the same attempts recently and chose to ban IPs via fail2ban as a first step.
A rule already exists in /etc/fail2ban/filter.d/phpmyadmin-syslog.conf with the following regex:
failregex = ^%(__prefix_line)suser denied: (?:\S+|.*?) \(mysql-denied\) from <HOST>\s*$
So I added a section to apply the filter in the jail file /etc/fail2ban/jail.local. The advantage I see is that IPs trying to connect are banned and won’t be able to try to attack another service.
enabled = true
filter = phpmyadmin-syslog
logpath = /var/log/auth.log
maxretry = 1
findtime = 3600
bantime = 14400
Hopefully this solution will help others
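The filter and jail values from the post above can be checked offline. This Python sketch is an added example, not part of the original thread or of fail2ban: it applies the same failregex to constructed auth.log lines and models the maxretry, findtime and bantime settings. PREFIX and HOST are simplified stand-ins for fail2ban's __prefix_line and <HOST>, and the hostname web1, the log lines and the addresses are all constructed.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address

# Thresholds copied from the jail section in the post above.
MAXRETRY, FINDTIME, BANTIME = 1, 3600, 14400

# Simplified stand-ins (assumptions) for fail2ban's __prefix_line and <HOST>.
PREFIX = r"\S+ \S+\[\d+\]:\s+"
HOST = r"(?P<host>\S+)"
FAILREGEX = re.compile(
    rf"^{PREFIX}user denied: (?:\S+|.*?) \(mysql-denied\) from {HOST}\s*$")

# Constructed auth.log lines using documentation address ranges.
SAMPLE_LOG = """\
Mar  3 10:15:02 web1 phpMyAdmin[2211]: user denied: root (mysql-denied) from 203.0.113.7
Mar  3 10:15:09 web1 phpMyAdmin[2211]: user authorized: admin from 198.51.100.4
Mar  3 10:16:40 web1 sshd[901]: Failed password for root from 203.0.113.9 port 5122 ssh2
Mar  3 10:17:13 web1 phpMyAdmin[2212]: user denied: pma user (mysql-denied) from 2001:db8::5
Mar  3 15:00:00 web1 phpMyAdmin[2300]: user denied: admin (mysql-denied) from 203.0.113.7
"""

def parse_failures(log_text, year=2024):
    """Yield (timestamp, ip) for each line the failregex matches."""
    for line in log_text.splitlines():
        m = FAILREGEX.match(line[16:])  # text after the 15-char syslog timestamp
        try:
            ip = ip_address(m.group("host")) if m else None
        except ValueError:
            ip = None  # captured token is not an IP address
        if ip is not None:
            yield datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S"), str(ip)

def simulate_bans(log_text):
    """Return [(ip, banned_at, banned_until)] under the jail's thresholds."""
    recent, banned_until, bans = {}, {}, []
    for when, ip in parse_failures(log_text):
        if ip in banned_until and when < banned_until[ip]:
            continue  # still banned, nothing new to record
        window = recent.setdefault(ip, [])
        window[:] = [t for t in window if (when - t).total_seconds() <= FINDTIME] + [when]
        if len(window) >= MAXRETRY:
            banned_until[ip] = when + timedelta(seconds=BANTIME)
            bans.append((ip, when, banned_until[ip]))
            window.clear()
    return bans

for ip, start, end in simulate_bans(SAMPLE_LOG):
    print(f"{ip} banned {start:%H:%M:%S} until {end:%H:%M:%S}")
```

On the server itself, fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/phpmyadmin-syslog.conf runs the real filter against the real log.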