phpMyAdmin is a popular software and as such is a target for various scripted attacks. If you run phpMyAdmin installation somewhere you should really make sure it is secured.
There are some things you can do to keep you safer:
1. Remove setup directory from phpMyAdmin. You will not use it after initial setup:
rm -rf /usr/share/phpmyadmin/setup/
2. Prevent access to libraries directory from browser. You can use a .htaccess file for this.
3. In case you don’t want all users to access phpMyAdmin you can use AllowDeny rules to limit them:
Use the following in the file config,inc.php of phpMyAdmin to restrict access to from remote machines.
vim /usr/share/phpmyadmin/config.inc.php
$cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow'; $cfg['Servers'][$i]['AllowDeny']['rules'][] = 'allow % from 127.0.0.1'; $cfg['Servers'][$i]['AllowDeny']['rules'][] = 'allow % from xxx.xxx.xxx.xxx'; $cfg['Servers'][$i]['AllowDeny']['rules'][] = 'deny % from all';
The percent sign (%) stands for “all users”.
4. Consider hiding phpMyAdmin link. Modify the alias from /etc/apache2/conf.d/phpmyadmin.conf file:
vim /etc/apache2/conf.d/phpmyadmin.conf
Here you can modify the Alias /phpmyadmin with any other name you want. Example: Alias /pma
