How to secure phpMyAdmin
The biggest threat is that an attacker could leverage a vulnerability such as; directory traversal, or using SQL Injection to call load_file()
to read the plain text username/password in the configuration file and then Login using phpmyadmin or over tcp port 3306. As a pentester I have used this attack pattern to compromise a system.
Here is a great way to lock down phpmyadmin:
- PhpMyAdmin lacks strong bruteforce protection, so you must use a long randomly generated password.
- DO NOT ALLOW REMOTE ROOT LOGINS! Instead phpmyadmin can be configured to use "Cookie Auth" to limit what user can access the system. If you need some root privileges, create a custom account that can add/drop/create but doesn't have
grant
orfile_priv
. - Remove
file_priv
permissions from every account.file_priv
is one of the most dangerous privileges in MySQL because it allows an attacker to read files or upload a backdoor. - Whitelist IP address who have access to the phpmyadmin interface. Here is an example .htaccess reulset:
Order deny,allow
Deny from all
allow from 199.166.210.1
Do not have a predictable file location like:
http://127.0.0.1/phpmyadmin
. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this.Firewall off tcp port 3306 so that it cannot be accessed by an attacker.
Use HTTPS, otherwise data and passwords can be leaked to an
attacker. If you don't want to fork out the $30 for a cert, then
use a self-signed. You'll accept it once, and even if it was
changed due to a MITM you'll be notified.
how to secure phpmyadmin access through .htaccess
I am assuming that you have installed mysql.
Install phpmyadmin:
sudo apt-get install phpmyadmin
Copy:
sudo cp /etc/phpmyadmin/apache.conf /etc/apache2/conf-enabled/phpmyadmin.conf
Edit:
sudo nano /etc/apache2/conf-enabled/phpmyadmin.conf
enter following line just after "
DirectoryIndex index.php
":AllowOverride All
Edit .htaccess
sudo nano /usr/share/phpmyadmin/.htaccess
Enter following content:
AuthType Basic
Authname "Restricted files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-usersudo apt-get install apache2-utils
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
Enter new password
Restart apache
sudo service apache2 restart
How to restrict access to phpmyadmin?
I'd make that server listen on 127.0.0.1
and then use port forwarding with SSH...
Make sure, the server serving phpMyAdmin only serves to 127.0.0.1, and then run
$ ssh -L4545:localhost:80 yourserver.com
and then point your browser to http://127.0.0.1:4545/phpmyadmin, you should be able to access phpmyadmin as long as your SSH session is active. You can even make a shell script to automate this.
This works with PuTTY as well.
phpmyadmin security
1) You can do it at the Webserver level.
Use allow/deny rules for apache. If you don't have direct access to your apache configuration file, you may use a .htaccess file.
<Directory /docroot>
Order Deny,Allow
Deny from all
Allow from 10.1.2.3
</Directory>
2) You can do it at the application level using the phpmyadmin config file.
The configuration parameter is: $cfg['Servers'][$i]['AllowDeny']['rules']
Examples of rules are:
'all' -> 0.0.0.0/0
'localhost' -> 127.0.0.1/8
'localnetA' -> SERVER_ADDRESS/8
'localnetB' -> SERVER_ADDRESS/16
'localnetC' -> SERVER_ADDRESS/24
You can see this on the official phpMyAdmin configuration documentation.
http://www.phpmyadmin.net/documentation/#servers_allowdeny_order
Does phpMyAdmin pose security risk on production
Any extra software you add to a system adds complexity. Complexity is the enemy of security.
PHP webapps are notorious for sloppy coding and certainly phpMyAdmin has had more than its share of security holes in the past. You can certainly mitigate the damage by eg. putting behind HTTPS with a client certificate, but that's not going to prevent cross-site-request-forgery attacks.
For a production machine, I'd really prefer to stick to the console.
How can I disallow users from accessing the phpMyAdmin login page?
the .htaccess redirect is the best way but, you can always go to index.php in the phpMyAdmin folder and insert either
exit();
or
header('Location: http://www.mydomain.com');
as the first line of index.php. This will just exit or redirect to the main page of your site whenever anyone tries to access that page.
Whats unsafe about leaving phpmyadmin with a default user/pass
It's always safe to put a password even if your MySQL
does not allow access from other host than localhost
.
Your phpMyAdmin
it's accessed by browser and not by IP.
Even if you host your page on your computer, it is still better to put a password. I get my computer and servers scanned for *phpMyAdmin*
, *PMA*
every single day.
So yes, it's unsafe.
Related Topics
How to Find a Reason When Mkdir Fails from PHP
How to Use an Object Method as a Callback Function
How to Protect My Source Code When Deployed
Parse Error: Syntax Error, Unexpected '' (T_Encapsed_And_Whitespace)
Supplied Key Param Cannot Be Coerced into a Private Key with Google APIs
Mysql_Fetch_Array Returns Duplicate Data
How to Generate an .Xlsx Using PHP
Pdo Lastinsertid() Always Return 0
How to Get User's Screen Resolution with PHP
PHP Dynamic Name for Object Property
Tcpdf Error :Unable to Get the Size of the Image
Simplexml Get Element Content Based on Attribute Value
Commenting Interpreted Code and Performance
How to Keep Whitespace Formatting Using PHP/Html
How to Stop Gd2 from Washing Away the Colors Upon Resizing Images