Hello, I was curious about a few things. I have read that phpmyadmin can be vulnerable to the www. I wanted to do 2 things. 1. Change the "phpmyadmin" folder to another name like "mysqlmanagement". 2. Create a .htaccess file with the following in it: "Allow from 127.0.0.1" so that only the local machine can access phpmyadmin. Now renaming the folder was easy enough even for me I just have to manually type in the url which is fine. But I still thought I would ask if there is a simple way to change where the tools phpmyadmin links/points to? My second question is about the htaccess file, I have tried putting the file in "/home/admispconfig/ispconfig/web/mysqlmanagement" and to no avail, is there a certain code I need to put in there since is on the main server and not a virtual site/client/reseller account? Finally, is there a better way to secure it than what I'm trying to do? Thanks in advance for your time, Scott
The best is to protect your phpMyAdmin configuration by installing a SSL-certicate, because then all the data from and to your phpMyAdmin will be encrypted. If you don't plan to install a SSL-certicate, maybe this guide can help you.
Hello Hans and thanks for the reply. I do have a SSL certificate for the server already. The link you posted was about ISPConfig 3 and I checked my ISPConfig 2 files and phpmyadmin isnt in the folder the tutorial lists. I am a complete newb and cannot extrapolate the info from that tutorial and apply it to my own set up. It could be that I am being too anal lol. Perhaps it is because I am new to Linux and reading every scrap of info I can trying to teach myself. I had read several blogs and forums mentioning how phpmyadmin was vulnerable since hackers new the folder would be http://mysite.com/phpmyadmin I figured I would try to go for the trifecta of secureness by: a. Renaming my phpmyadmin folder to something insanely vague b. Putting a htaccess file in there only allowing either my static IP or the local machine IP. c. SSL Certificate As I said, I am probably overreacting lol lack of knowledge can do that Thanks again for the input Hans, I truly appreciate it. Scott
You can change it under /home/admispconfig/ispconfig/web/tools/tools/phpmyadmin/nav.inc.php. I guess you need to put the line Code: AllowOverride All into the Code: <VirtualHost _default_:81> # General setup for the virtual host DocumentRoot "/home/admispconfig/ispconfig/web" ServerName xxx.xxx.com ServerAdmin [email protected] ErrorLog /root/ispconfig/httpd/logs/error_log TransferLog /root/ispconfig/httpd/logs/access_log </VirtualHost> stanza at the end of /root/ispconfig/httpd/conf/httpd.conf. Restart ISPConfig afterwards.
Thanks! Falko the nav.inc worked a treat sir Perfect indeed. Now on the second part, when I edited that file and tried restarting ISPConfig it gave me this: syntax error on line 1231 of /root/ispconfig/httpd/conf/httpd.conf: AllowOverride not allowed here Is there anything I might have screwed up on earlier that would block this? Thanks as always, Scott
