phpMyAdmin on ViciBox v.9.0+

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

phpMyAdmin on ViciBox v.9.0+

Postby Kumba » Fri Jun 05, 2020 4:38 pm

On ViciBox v.9.0 (and v.8.1+ I believe) phpMyAdmin is not setup by default even if you select it during the install. This was done deliberately because phpMyAdmin is a HUGE security hole. I cannot stress enough how much of a security problem phpMyAdmin is if it ever gets exposed to the public internet. It's very likely your box will be compromised within an hour if it is inadvertently exposed.

However, if after reading the above and accepting the potential risk should phpMyAdmin not be properly secured, here's how you enable it:
Code: Select all
ln -s /usr/share/phpMyAdmin /srv/www/htdocs/


Once you run the above code, phpMyAdmin will just start working. The default apache configuration file for phpMyAdmin limits accessibility to local IPs only by default as well. To further secure or grant additional IP access you will need to edit /etc/apache2/conf.d/phpMyAdmin.conf and make the appropriate modifications.
Kumba
 
Posts: 886
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: phpMyAdmin on ViciBox v.9.0+

Postby carpenox » Wed Jun 24, 2020 10:00 pm

Perhaps this will help someone looking to make sure they secure there phpMyAdmin:

Code: Select all
####Securing phpMyAdmin#####

nano /etc/apache2/conf.d/phpMyAdmin.conf

###change the following:

<Directory /usr/share/phpMyAdmin>

    Options FollowSymLinks
    AllowOverride All   #This was "None"

    <IfVersion < 2.4>
        Order Deny,Allow
        Allow from all
    </IfVersion>


###save and exit

nano /usr/share/phpMyAdmin/.htaccess

####Enter the following:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user

###save and exit

zypper install apache2-utils

htpasswd -c /etc/phpMyAdmin/.htpasswd whatever.username.u.want
Password: enter the password u want

##restart apache
service apache restart or systemctl restart apache

###go to your phpmyadmin

http://server.ip/phpMyAdmin


##Enjoy
Leap 15.2 | Version: 2.14-815a | BUILD: 210615-1108 | SVN Version: 3456 | DB Schema Version: 1635 | Asterisk 16.17.0-vici
www.CyburityLLC.com -:- 844-PC-SATA-2 -:- My Blog: the.cyburhacker.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1362
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: phpMyAdmin on ViciBox v.9.0+

Postby Zaraab » Fri Oct 16, 2020 12:24 am

I want to allow only one IP which can access the phpmyadmin.

How can I do thati?
Zaraab
 
Posts: 84
Joined: Fri May 22, 2020 1:21 pm

Re: phpMyAdmin on ViciBox v.9.0+

Postby Zaraab » Tue Oct 27, 2020 2:37 am

How to delete access and change password of this phpmyadmin page?

how to allow specific Ip only?
Zaraab
 
Posts: 84
Joined: Fri May 22, 2020 1:21 pm

Re: phpMyAdmin on ViciBox v.9.0+

Postby carpenox » Tue Oct 27, 2020 7:42 am

htpasswd -c /etc/phpMyAdmin/.htpasswd whatever.username.u.want (will change the pw)

firewall-cmd --zone=trusted --add-source=127.0.0.1 (put your IP obviously) - you need to have youre firewall setup correctly for this to work though
Leap 15.2 | Version: 2.14-815a | BUILD: 210615-1108 | SVN Version: 3456 | DB Schema Version: 1635 | Asterisk 16.17.0-vici
www.CyburityLLC.com -:- 844-PC-SATA-2 -:- My Blog: the.cyburhacker.com -:- Whatsapp: +19549477572 -:- Skype: live:carpenox_3
carpenox
 
Posts: 1362
Joined: Wed Apr 08, 2020 2:02 am
Location: Coral Springs, FL

Re: phpMyAdmin on ViciBox v.9.0+

Postby Zaraab » Wed Nov 04, 2020 8:06 am

Thanks genius
Zaraab
 
Posts: 84
Joined: Fri May 22, 2020 1:21 pm


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 15 guests