Hi, for some reason my server crashed. When I brought it back up I found no real problems or inconsistencies, but when I tried to visit phpmyadmin I get: 1045 - Access denied for user 'root'@'localhost' (using password: NO) Invalid hostname for server 1. Please review your configuration. Any way to solve this?
By the way, this shows every time. I can't even try to log in; it happens as soon as I open phpmyadmin.
Make sure that you close all browser windows and then open the browser again before you connect to phpmyadmin.
I have exactly the same problem. It appeared out of nowhere, maybe after I did an update. I tried what you suggested, but it seems clear that this is a server problem.
No workieworkie - workaround provided exactly, manarak! Anyway, what I did as a workaround was: Edit /var/lib/phpmyadmin/config.inc.php; Change the option value 'config' to 'cookie'. I'm still getting the error "Invalid hostname for server 1. Please review your configuration." but at least I can log in again.
OK, it looks like the config file was changed: the hostname is commented out and there is a phpinfo(); in its place. Could that be an injection attack? Is there a known vulnerability?
Which software do you mean? ISPConfig or phpmyadmin? In ISPConfig there are no known vulnerabilities. Which config file was changed?
Yes there is: http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ We have been injected!!
Make sure that you install all available Debian updates. phpmyadmin is part of Debian and not part of ISPConfig.
My server has always been updated less than 12 hours after new versions were out. It is just frightening!! Two weeks ago I was infected with very nasty trojans on the PC in spite of an up-to-date antivirus. Then there are those nasty hidden iframe viruses out... The internet has become VERY DANGEROUS in the last months!
OK, then it might be that there is no patch available for this vulnerability from Debian yet. Sad, but it might always happen. Scan your system with rkhunter and chkrootkit and check if there are any other modifications. Also, you should consider deactivating phpmyadmin temporarily.
I changed the topic, but that's the problem if you post to other threads instead of making a new one. The original poster had a login problem with phpmyadmin and this does not necessarily mean that his system had been hacked like yours.
The probability that he has been injected like me is 99%. The injection does modify the hostname entry in the config file, and his problem appeared out of nowhere in the last days... Now how big a coincidence is that??
If Debian does not release a bugfix for that, you should either remove phpmyadmin or protect it with a .htaccess file or install your own copy from sources without using the Debian package.
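A quick check for the config-file changes reported earlier in this thread (host entry commented out, `phpinfo();` in its place), as an added example that is not part of any poster's message. The function names and finding labels are hypothetical, and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Prints one finding per line for the
# config.inc.php changes described above; prints nothing for a clean file.
check_pma_config() {
    file=$1
    # A phpinfo(); statement does not belong in a configuration file.
    if grep -Eq '^[[:space:]]*phpinfo[[:space:]]*\(' "$file"; then
        echo "phpinfo-call"
    fi
    # A server host entry that has been commented out.
    if grep -Eq '^[[:space:]]*(//|#).*\[.host.]' "$file"; then
        echo "host-commented-out"
    fi
    # No active host assignment left ("Invalid hostname for server 1").
    if ! grep -Eq '^[[:space:]]*\$cfg\[.*\[.host.][[:space:]]*=' "$file"; then
        echo "no-active-host"
    fi
    return 0
}

# Constructed sample: the state reported in the thread.
write_tampered_sample() {
    cat > "$1" <<'EOF'
<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'config';
//$cfg['Servers'][$i]['host'] = 'localhost';
phpinfo();
EOF
}

# Constructed sample: an unmodified-looking file for comparison.
write_clean_sample() {
    cat > "$1" <<'EOF'
<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['host'] = 'localhost';
EOF
}

# Demo run on the constructed tampered file.
tmp=$(mktemp -d)
write_tampered_sample "$tmp/tampered.php"
check_pma_config "$tmp/tampered.php"
rm -rf "$tmp"
```

On a real system the function would be pointed at the file named in the thread, /var/lib/phpmyadmin/config.inc.php. Any finding is a reason to treat the host as modified and continue with the rkhunter and chkrootkit scans suggested above.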