Jump to content

people looking for phpmyadmin install

isedeasy

By isedeasy
in Miscellaneous

 Share

Recommended Posts

isedeasy Member

isedeasy

Posted
Posted

Is it normal to have somebody looking for a phpmyadmin install on a daily basis.

 

I am getting someone (through a script) search about 100 - 200 locations for a phpmyadmin install, I block the IP but within 10 -20 hours another IP will do the exact same thing.

 

Is this normal and do I have anything to worry about if they find my phpmyadmin install, obviously its password protected.

Link to comment
https://forums.phpfreaks.com/topic/208277-people-looking-for-phpmyadmin-install/
Share on other sites
cags Member

cags

Posted
Posted

You're not the first person to ask about this. It's not that uncommon. As far as I'm aware the idea behind it is if you scan enough servers you will find somebody stupid enough to be using passwords that they can easily brute force/dictionary attack.

JonnoTheDev Regular Member

JonnoTheDev

Posted
Posted
Is this normal and do I have anything to worry about if they find my phpmyadmin install, obviously its password protected.

Never install in a subfolder from a website. Put phpmyadmin on a domain that you do not use publically i.e

myadmin.somerandomdomainname.com

 

If you have a static IP then add to the allowed list in an .htaccess. Reject all others. Use htpasswd also.

isedeasy Member

isedeasy

Posted
  • Author
Posted

 

 

If you have a static IP then add to the allowed list in an .htaccess. Reject all others. Use htpasswd also.

 

This seems like a good idea, I don't have a fixed IP but I think I may still add a .htaccess file. Just means I have to change my .htaccess file when my IP changes, I don't really use phpmyadmin very often.

The Little Guy Prolific Member

The Little Guy

Posted
Posted

Is this normal and do I have anything to worry about if they find my phpmyadmin install, obviously its password protected.

Never install in a subfolder from a website. Put phpmyadmin on a domain that you do not use publically i.e

myadmin.somerandomdomainname.com

 

I agree. If you have an intranet, put it there, or install it locally only.

JonnoTheDev Regular Member

JonnoTheDev

Posted
Posted
Can it be configured to connect to remote databases, then?

Can connect to any host. You would just have to first grant user privileges to the connecting IP address / hostname.

I would prefer to run on the actual database server for speed using a domain that is not used for any website.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.