Phpmyadmin Hacked

Discussion in 'Security' started by fgsg, Feb 12, 2013.

  1. #1
    Someone hacked my phpMyAdmin and changed the password.
    How can I protect against this in future?


    Thanks.
     
    fgsg, Feb 12, 2013 IP
  2. pavv

    #2
    Do you have phpMyAdmin in a directory like domain.com/phpmyadmin?
    Use a strong pass.
     
    pavv, Feb 12, 2013 IP
  3. fgsg

    #3
    Yes, I have the directory domain.com/phpmyadmin. I use a very strong password.
     
    fgsg, Feb 12, 2013 IP
  4. pavv

    #4
    Ok. As a security measure you should password protect your phpMyAdmin directory. You can do this from cPanel.
    Also use a directory name that is hard to guess, like domain.com/mysql1abc/
     
    pavv, Feb 12, 2013 IP
  5. fgsg

    #5
    I use Webmin. Can I do this with Webmin?

     
    fgsg, Feb 12, 2013 IP
  6. pavv

    #6
    I'm not working with Webmin, but you can take a look here: brightlemon.com/blog/password-protecting-directory-webmin-1
     
    pavv, Feb 12, 2013 IP
  7. fgsg

    #7
    And does this guarantee protection against SQL injection and against phpMyAdmin being hacked again?

     
    fgsg, Feb 12, 2013 IP
  8. pavv

    #8
    Nothing is 100% safe ... if they don't have access to your files they can't try SQL injection.
     
    pavv, Feb 12, 2013 IP
  9. fgsg

    #9
    Man, thanks, you really helped me a lot. All the best :)

     
    fgsg, Feb 12, 2013 IP
  10. innozemec

    #10
    I always put my phpMyAdmin into a randomly named folder that I simply bookmark in my browser for quick access.

    I also always deny access by IP to anyone for that folder and whitelist only my IP.
     
    innozemec, Feb 12, 2013 IP
  11. CoastWeb

    #11
    Protect the directory with an htaccess / password that is different from your phpMyAdmin password. Also make sure your phpMyAdmin version is up to date.
     
    CoastWeb, Feb 13, 2013 IP
  12. toastbeer

    #12
    Yeah, would also prefer that, just double safe it with the htaccess and the normal phpmyadmin login. But be sure that you use strong passwords with numbers, letters and special chars ;)
     
    toastbeer, Feb 24, 2013 IP
  13. jusob

    #13
    If you have SSH access to your server, make sure phpMyAdmin is available on 127.0.0.1 only. SSH to your machine and use port forwarding to connect to phpMyAdmin.

    If you don't have SSH access but have a static IP at work or home, restrict access to phpMyAdmin to this IP.
     
    jusob, Mar 24, 2013 IP
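
The measures suggested so far in the thread (unguessable directory name, a separate htaccess password, IP allowlisting or localhost-only access) shown as an Apache 2.4 configuration next to an unprotected one, with a small line-based check for what is missing. This is an added example, not code from any poster; the paths, alias names, IP address, function names and the list of "guessable" names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, alias names and the IP are
# constructed; the "guessable" name list is an assumption for illustration.

# Weak: guessable URL, no extra password, reachable from anywhere.
weak_conf() { cat <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Require all granted
</Directory>
EOF
}

# Hardened (Apache 2.4 syntax): unguessable alias, separate HTTP Basic
# password, one allowed client IP. For localhost-only access use
# "Require local" instead and tunnel: ssh -L 8080:127.0.0.1:80 user@server
hardened_conf() { cat <<'EOF'
Alias /mysql1abc /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /etc/apache2/pma.htpasswd
    <RequireAll>
        Require valid-user
        Require ip 203.0.113.10
    </RequireAll>
</Directory>
EOF
}

# Reads a config on stdin and prints one finding per missing protection.
audit_pma_conf() {
    conf=$(cat)
    has() { printf '%s\n' "$conf" | grep -Eiq "^[[:space:]]*$1"; }
    if has 'Alias[[:space:]]+/(phpmyadmin|pma|myadmin)/?[[:space:]]'; then echo guessable-url; fi
    if ! has 'Require[[:space:]]+valid-user'; then echo no-http-auth; fi
    if ! has 'Require[[:space:]]+(ip[[:space:]]|local)'; then echo no-ip-restriction; fi
    if has 'Require[[:space:]]+all[[:space:]]+granted'; then echo open-to-all; fi
}

echo "weak:";     weak_conf     | audit_pma_conf
echo "hardened:"; hardened_conf | audit_pma_conf
```

Apache 2.2, still common when this thread was written, expresses the same policy with `Order`/`Deny`/`Allow` and `Satisfy all` instead of `Require ip` inside `<RequireAll>`.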
  14. lord_stone

    #14
    Also make sure that you do not have any user without a password.
     
    lord_stone, Mar 29, 2013 IP
  15. LarueOutlaw

    #15
    I always put phpMyAdmin into a randomly named folder and update the password weekly. You need to consult your web hosting provider to change the password of your phpMyAdmin.
     
    LarueOutlaw, Mar 29, 2013 IP
  16. gavo

    #16
    I would guess someone is reading your site's config.php file and getting phpMyAdmin details, most likely with a shell script.
    Do you share the server? Or maybe there is a compromised site on the server. Is your MySQL pass unique, e.g. not the same as the hosting panel login?

    If you think it's brute force, install CSF firewall and configure it to IP ban after 3 failed login attempts.
     
    gavo, Apr 23, 2013 IP
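
To check whether brute force is actually happening before banning anything, failed logins can be counted per client from the web server's access log. This is an added example, not part of the thread; it assumes the phpMyAdmin directory sits behind HTTP Basic auth as suggested earlier, so a failed attempt is logged with status 401. The log lines, the `/mysql1abc/` path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed Apache Combined Log Format lines; 401 = rejected Basic auth.
sample_log() { cat <<'EOF'
198.51.100.7 - - [23/Apr/2013:10:00:01 +0000] "GET /mysql1abc/ HTTP/1.1" 401 381 "-" "-"
198.51.100.7 - admin [23/Apr/2013:10:00:02 +0000] "GET /mysql1abc/ HTTP/1.1" 401 381 "-" "-"
198.51.100.7 - root [23/Apr/2013:10:00:03 +0000] "GET /mysql1abc/ HTTP/1.1" 401 381 "-" "-"
203.0.113.10 - - [23/Apr/2013:10:05:00 +0000] "GET /mysql1abc/ HTTP/1.1" 401 381 "-" "-"
203.0.113.10 - owner [23/Apr/2013:10:05:04 +0000] "GET /mysql1abc/ HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [23/Apr/2013:10:06:00 +0000] "GET /index.php HTTP/1.1" 401 210 "-" "-"
EOF
}

# Usage: failed_login_sources PREFIX THRESHOLD < access.log
# Prints "ip count" for every client with at least THRESHOLD 401 responses
# under PREFIX. Counts over the whole input, not a sliding time window.
failed_login_sources() {
    awk -v prefix="$1" -v min="$2" '
        # $1 = client IP, $7 = request path, $9 = HTTP status
        index($7, prefix) == 1 && $9 == 401 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }
    ' | sort
}

# A normal login also produces one 401 (the browser's first request carries
# no credentials), so a threshold of 3 leaves 203.0.113.10 unflagged.
sample_log | failed_login_sources /mysql1abc/ 3
```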
  17. healzer

    #17
    If you run your own dedicated server or VPS, then contact me.
    Else, contact your provider and explain the issue, and make sure they change all your passwords/usernames and firewall settings!
     
    healzer, May 10, 2013 IP