I have noticed that there are strange requests to my website trying to find phpmyadmin, like
/phpmyadmin/
/pma/
etc.
Now I have installed PMA on Ubuntu via apt and would like to access it via a web address different from /phpmyadmin/. What can I do to change it?
Thanks
Update
For Ubuntu 9.10 and Apache2, the corresponding setting is located in the file /etc/apache2/conf.d/phpmyadmin.conf, which is a link to /etc/phpmyadmin/apache.conf. The file contains

Alias /phpmyadmin /usr/share/phpmyadmin

where the first /phpmyadmin should be changed to something different if one wants to avoid the unnecessary activity, e.g.:

Alias /secret /usr/share/phpmyadmin
The biggest threat is that an attacker could leverage a vulnerability such as directory traversal, or SQL injection used to call load_file(), to read the plain-text username/password in the configuration file and then log in using phpMyAdmin or over TCP port 3306. As a pentester I have used this attack pattern to compromise a system.
Here is a great way to lock down phpMyAdmin:

1. Remove grant or file_priv permissions from every account. file_priv is one of the most dangerous privileges in MySQL because it allows an attacker to read files or upload a backdoor.

2. In the Apache configuration:

   Order deny,allow
   Deny from all
   Allow from 199.166.210.1

3. Do not have a predictable file location like http://127.0.0.1/phpmyadmin. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this.

4. Firewall off TCP port 3306 so that it cannot be accessed by an attacker.
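As an added example (not code from the answer or from the phpMyAdmin project), a small Python script that applies two of the points above to Apache access-log lines: it flags source addresses that probe the predictable phpMyAdmin paths, and it reports hits on the renamed alias from addresses outside the allow list. The alias name /secret is the question's example, the allow-listed address is the answer's, the probe path /myadmin and the log lines are constructed assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Renamed alias from the question (assumed) and the answer's allow-listed address.
PMA_ALIAS = "/secret"
ALLOWED_NETS = [ip_network("199.166.210.1/32")]
# Predictable first path segments that scanners probe (lower-case); /myadmin is an added assumption.
PROBE_SEGMENTS = {"/phpmyadmin", "/pma", "/myadmin"}

# Apache common log format: ip ident user [ts] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /pma/ HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /myadmin/ HTTP/1.1" 404 209
199.166.210.1 - - [10/Oct/2023:14:01:02 +0000] "GET /secret/index.php HTTP/1.1" 200 5120
198.51.100.9 - - [10/Oct/2023:14:03:11 +0000] "GET /secret/ HTTP/1.1" 403 199
198.51.100.9 - - [10/Oct/2023:14:03:12 +0000] "GET /index.html HTTP/1.1" 200 3120
"""

def first_segment(path):
    """'/phpMyAdmin/index.php?x=1' -> '/phpMyAdmin' (query string stripped)."""
    return "/" + path.lstrip("/").split("?", 1)[0].split("/", 1)[0]

def is_allowed(ip):
    try:
        return any(ip_address(ip) in net for net in ALLOWED_NETS)
    except ValueError:  # malformed address field: treat as not allow-listed
        return False

def analyze(log_text, threshold=2):
    """Return (scanner_ips, unauthorized_alias_hits).
    scanner_ips: addresses that requested >= threshold predictable phpMyAdmin paths.
    unauthorized_alias_hits: (ip, path, status) for requests to the real alias from outside ALLOWED_NETS."""
    probes, unauthorized = Counter(), []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, path = m["ip"], m["path"]
        seg = first_segment(path)
        if seg.lower() in PROBE_SEGMENTS:
            probes[ip] += 1
        elif seg == PMA_ALIAS and not is_allowed(ip):
            unauthorized.append((ip, path, int(m["status"])))
    return sorted(ip for ip, n in probes.items() if n >= threshold), unauthorized
```

Run analyze(SAMPLE_LOG) and the probing host and the 403 on the hidden alias come back separately, which is the point of keeping the alias out of the probe list.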