How to Secure your phpMyAdmin

Valic, March 24, 2012

phpMyAdmin is popular software and, as such, a target for various scripted attacks. If you run a phpMyAdmin installation anywhere, you should make sure it is secured.

There are some things you can do to keep your installation safer:

1. Remove the setup directory from phpMyAdmin. You will not use it after the initial setup:

 rm -rf /usr/share/phpmyadmin/setup/

2. Prevent access to the libraries directory from the browser. You can use a .htaccess file for this.

3. If you don't want all users to be able to access phpMyAdmin, you can use AllowDeny rules to limit them:

Use the following in phpMyAdmin's config.inc.php file to restrict access from remote machines (replace xxx.xxx.xxx.xxx with the remote address you want to allow).

vim /usr/share/phpmyadmin/config.inc.php


$cfg['Servers'][$i]['AllowDeny']['order']  = 'deny,allow';
$cfg['Servers'][$i]['AllowDeny']['rules'][] = 'allow % from 127.0.0.1';
$cfg['Servers'][$i]['AllowDeny']['rules'][] = 'allow % from xxx.xxx.xxx.xxx';
$cfg['Servers'][$i]['AllowDeny']['rules'][] = 'deny % from all';

The percent sign (%) stands for “all users”.

4. Consider hiding the phpMyAdmin link. Modify the alias in the /etc/apache2/conf.d/phpmyadmin.conf file:

vim /etc/apache2/conf.d/phpmyadmin.conf

Here you can change Alias /phpmyadmin to any other name you want. Example: Alias /pma
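
To verify the four steps on a server, here is an added example script that is not part of the original post. It assumes the .htaccess from step 2 sits inside libraries/ and accepts either Apache 2.2 (Deny from all) or 2.4 (Require all denied) syntax; the names check_pma, fail, active_lines and pma_audit.sh are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit steps 1-4 of this page.
# Usage: sh pma_audit.sh PMA_DIR CONFIG_INC_PHP APACHE_CONF  (hypothetical name)

fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Print a file without lines that are entirely PHP comments.
active_lines() { grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$1" 2>/dev/null; }

# check_pma DIR CONFIG APACHE_CONF: prints findings, returns how many.
check_pma() {
    pma_dir=$1 pma_cfg=$2 apache_conf=$3 findings=0
    key="\['AllowDeny'\]" eq="[[:space:]]*=[[:space:]]*"

    # Step 1: the setup directory should have been removed.
    if [ -d "$pma_dir/setup" ]; then
        fail "setup directory still exists: $pma_dir/setup"
    fi

    # Step 2: libraries/ should deny browser access.
    # Assumption: the .htaccess is placed inside libraries/ itself.
    if [ -d "$pma_dir/libraries" ] &&
       ! grep -Eiq 'deny from all|require all denied' "$pma_dir/libraries/.htaccess" 2>/dev/null; then
        fail "libraries/ has no .htaccess denying browser access"
    fi

    # Step 3: an empty or commented-out order leaves AllowDeny disabled,
    # and the rule list should contain the catch-all deny.
    if ! active_lines "$pma_cfg" | grep -Eq "$key\['order'\]$eq'[a-z,]+'"; then
        fail "AllowDeny order is not set in $pma_cfg"
    fi
    if ! active_lines "$pma_cfg" | grep -Eq "$key\['rules'\]\[\]$eq'deny % from all'"; then
        fail "no 'deny % from all' rule in $pma_cfg"
    fi

    # Step 4: the Apache alias should no longer be the default name.
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin([[:space:]]|/|$)' "$apache_conf" 2>/dev/null; then
        fail "default Alias /phpmyadmin still in $apache_conf"
    fi
    return "$findings"
}

# Run against a real install only when all three paths are given.
if [ "$#" -eq 3 ]; then check_pma "$@"; exit $?; fi
```

With the paths used on this page, the call is `sh pma_audit.sh /usr/share/phpmyadmin /usr/share/phpmyadmin/config.inc.php /etc/apache2/conf.d/phpmyadmin.conf`; the exit status is the number of findings.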
