# remote users must use an ssh tunnel for access Open your favourite editor and create a file called nf in /etc/apache2/conf-available, e.g.: sudo nano /etc/apache2/conf-available/nfįor apache2.4, add the following content: # ensure that phpmyadmin can only be accessed via localhost The following assumes that both apache2 and phpmyadmin were installed via the package manager. Once the process is complete, you should be able to access phpmyadmin in a web browser by appending “/phpmyadmin” to your server’s URL, e.g.: When asked if you would like to automatically configure phpmyadmin for your web server, choose ‘apache2’. The configuration script will prompt with a number of questions. Install the phpmyadmin package: sudo apt-get update The mysql_secure_installation command is bundled with the mysql + mariadb packages and helps cover the basics.
Part 1: install phpmyadminįirst, make sure that you have mysql or mariadb installed and configured, and have taken basic steps to secure the setup. This is especially a concern for anyone who accesses phpmyadmin via an untrusted network, such as public wifi. Login credentials and any data that’s accessed can be picked up by anyone that cares to listen in anywhere between your computer and the database server. In cases where phpmyadmin is discovered, its practically certain the logs will subsequently reveal attackers attempting to brute force and/or exploit their way in.Īnother significant concern with phpmyadmin is that it does not come with ssl configured out-of-the-box. It is often easily found with the default directory pattern “/phpmyadmin”.Ī quick look at almost any website’s logs will reveal an endless barrage of attempts to locate phpmyadmin, probing a wide range of likely URL patterns and alternate names. Phpmyadmin is a popular choice for attackers because it is widely deployed, easy to find, easy to attack, and it provides convenient access to potentially highly sensitive and/or valuable data.Ī default package install of phpmyadmin on a public-facing web server is wide open to the Internet. Why extra security measures are recommended for phpmyadmin This ensures that future package updates do not risk overwriting your security-minded configuration. Its the only tutorial that I know of that does things The Debian Way, in this case meaning that phpmyadmin’s customized configuration is applied without editing any of its packaged-managed conf files. This particular approach is easy to automate and improves on other examples that I’ve come across online.
This guide covers Debian and Ubuntu systems running apache2. This guide covers how to install it, plus add an additional layer of security that only permits access via an encrypted ssh tunnel (also known as ssh port forwarding). Phpmyadmin is a popular database administration and query tool for MySQL and MariaDB.
0 kommentar(er)
