Securing phpMyAdmin

Things you can do to make your phpMyAdmin installation less vulnerable to attack:

1. Call it something else.

Normally it is accessed through its alias /phpmyadmin, as defined in /etc/apache2/conf-enabled/phpmyadmin.conf.

Edit that file and rename the alias to something else, something hard for an attacker to guess. You can use apg to generate a random name for it. Restart Apache after you are done.

2. Restrict access to a particular range of addresses.

You may choose to allow only local access from localhost, or allow access from the range of your VPN.

Remember that the Apache configuration syntax changed as of version 2.4, so you now have to use Require instead of Order Deny,Allow.

To find out your version:

apachectl -V | grep 'Server version'

To limit access to phpMyAdmin to allow only connections from localhost and VPN:

Right after the tag add:

Require ip 127.0.0.1
Require ip 10.8.0.0/24

Be aware that anybody who attempts to connect to phpMyAdmin from any other address will see the message:

“Forbidden

You don’t have permission to access […] on this server.”

To avoid that, you can rename the alias as described above.
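
A quick way to check a phpmyadmin.conf against both steps above, as an added example that is not part of the original post. The function name, the finding labels, the sample alias and the /usr/share/phpmyadmin path are assumptions made for illustration; the two sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit an Apache phpMyAdmin config for the two steps above.
# Prints one finding per line; returns 0 when nothing is flagged, else 1.
# It only looks at directives, not at which <Directory> block they sit in.
audit_pma_conf() {
    conf=$1; rc=0
    # Step 1: the alias must not be the default /phpmyadmin.
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin/?[[:space:]]' "$conf"; then
        echo "default-alias"; rc=1
    fi
    # Step 2: at least one "Require ip" restriction must be present.
    if ! grep -Eiq '^[[:space:]]*Require[[:space:]]+ip[[:space:]]' "$conf"; then
        echo "no-require-ip"; rc=1
    fi
    # Sibling Require lines are ORed, so "all granted" cancels the IP limits.
    if grep -Eiq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' "$conf"; then
        echo "require-all-granted"; rc=1
    fi
    # Apache 2.2 access directives; on 2.4 these depend on mod_access_compat.
    if grep -Eiq '^[[:space:]]*(Order|Allow|Deny)[[:space:]]' "$conf"; then
        echo "legacy-2.2-acl"; rc=1
    fi
    return $rc
}

# Constructed sample configs; the install path and alias name are assumptions.
make_samples() {
    cat > "$1/weak.conf" <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Order Deny,Allow
    Allow from all
</Directory>
EOF
    cat > "$1/hardened.conf" <<'EOF'
Alias /pma-EXAMPLE-RANDOM-NAME /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Require ip 127.0.0.1
    Require ip 10.8.0.0/24
</Directory>
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in weak hardened; do
    echo "$f.conf: $(audit_pma_conf "$tmp/$f.conf" | tr '\n' ' ')"
done
rm -rf "$tmp"
```

Run the function against your real file with audit_pma_conf /etc/apache2/conf-enabled/phpmyadmin.conf; an empty result with exit status 0 means neither step was flagged.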


