phpMyAdmin Apache Ubuntu Security Authentication Authorization
When it come to cyber security it should be taken very seriously. Most commonly used web applications such as WordPress store all your information including passwords on a MySQL database. phpMyAdmin is an excellent way to theses manage information stored on MySQL databases. However because of its ubiquity, phpMyAdmin it is a popular target for attackers.
In this tutorial, we will go over how to secure phpMyAdmin to prevent unauthorised access.
This may seem very obvious but most attackers get access to phpMyAdmin using an attack method know as brute force attack. Brute force attacks consist of systematically checking all possible passwords until the correct one is found. Use a password that doesn't have any dictionary words and include numbers and symbols on your password.
By default, phpMyAdmin web interface is accessed using /phpmyadmin/
path. We can change this path to a secret path, by doing this only user who know this path can access phpMyAdmin interface.
We need to edit this file to change web interface path for phpMyAdmin /etc/apache2/conf-enabled/phpmyadmin.conf
, you can open this file using your preferred text editor, I will be using nano for this tutorial:
sudo nano /etc/apache2/conf-enabled/phpmyadmin.conf
You should see a line that looks like this on the top of the page.
Alias /phpmyadmin /usr/share/phpmyadmin
This line means is forward all incoming traffic to /phpmyadmin/
to /usr/share/phpmyadmin
, where phpMyAdmin files are located. We can edit the /phpmyadmin
to any path you like, for this example I will use the path /secret
. It should look like this once edited.
Alias /secret /usr/share/phpmyadmin
Now save the file and restart apache to load changes we have made by running this command:
sudo service apache2 restart
You can now access phpMyAdmin web interface using your public Ip address or domain name followed by the secret path.
In addition to changing the path, we can use Apache authentication and authorization module to require users to login using a set username and password before they can login to phpMyAdmin.
First, we need to install apache2-utils package using apt-get package repository. You can run the following command to install this package:
sudo apt-get install apache2-utils
Now we can create the user and password that will be used to authenticate with Apache to access phpMyAdmin.
sudo htpasswd -c /usr/share/phpmyadmin/.htpasswd user
You will be asked to enter the password for the user and confirm it. This command will create the .htpasswd file in /usr/share/phpmyadmin/
directory which will include our username and encrypted password.
If you would like to add additional users to an existing htpasswd file, you have to run the command without the -c flag, for example:
sudo htpasswd /usr/share/phpmyadmin/.htpasswd seconduser
We need to edit the /etc/apache2/conf-enabled/phpmyadmin.conf
file and tell it to use the htpasswd file we created. Again, I will be using nano to edit the file, but you can use your preferred text editor.
sudo nano /etc/apache2/conf-enabled/phpmyadmin.conf
Add the lines in red to your configuration file.
<Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AuthType Basic AuthName "Restricted Files" AuthUserFile /usr/share/phpmyadmin/.htpasswd Require valid-user
Save the file and close out of nano once you have added the lines in red.
We are almost done, we need to restart Apache to implement the changes we have made. You can restart Apache by running this command:
sudo service apache2 restart
Now you should see a message similar to this when you go to your phpMyAdmin web interface.
Type the username and password that we created to continue to phpMyAdmin.
Above methods will add additional layers of security to phpMyAdmin making it difficult for attackers to get into your phpMyAdmin. However more and more vulnerabilities are found each day when it comes to servers, you should always be running the latest versions of programs to protect yourself from theses vulnerabilities.
Comments
Add comment