I have noticed that there are strange requests to my website trying to find phpmyadmin, like
/phpmyadmin/
/pma/
etc.
Now I have ins
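An added example, not part of the question or of any answer on this page: a small Python script that scans Apache combined-format access log lines for requests to the probe paths mentioned above and groups them by client address, so you can see which sources are scanning for phpMyAdmin. The log lines are constructed sample data; the probe prefix list contains only the two paths named in the question and is meant to be extended.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" log format; the constructed sample lines below follow it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# First path segments the question reports being probed; extend as needed.
PROBE_PREFIXES = {"/phpmyadmin", "/pma"}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /pma/ HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /PhpMyAdmin/index.php?lang=en HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:01:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2023:14:01:05 +0000] "GET /pmacct/ HTTP/1.1" 404 209 "-" "curl/8.0"',
    'this line is malformed and is skipped',
]


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_probe(path):
    """True if the request's first path segment is a known phpMyAdmin probe.

    Only the first segment is compared, case-insensitively and without any
    query string, so /PhpMyAdmin/index.php?x=1 matches but /pmacct/ does not.
    """
    first = path.lstrip("/").split("?", 1)[0].split("/", 1)[0]
    return "/" + first.lower() in PROBE_PREFIXES


def scan(lines):
    """Count probe requests per client IP and remember the paths each one tried."""
    probes_by_ip = Counter()
    paths_by_ip = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and is_probe(rec["path"]):
            probes_by_ip[rec["ip"]] += 1
            paths_by_ip[rec["ip"]].add(rec["path"])
    return probes_by_ip, dict(paths_by_ip)


def suspicious_sources(lines, threshold=2):
    """Client IPs that sent at least `threshold` probe requests, busiest first."""
    probes_by_ip, _ = scan(lines)
    return [ip for ip, n in probes_by_ip.most_common() if n >= threshold]


if __name__ == "__main__":
    counts, paths = scan(SAMPLE_LOG)
    for ip in suspicious_sources(SAMPLE_LOG):
        print(f"{ip}: {counts[ip]} probes -> {sorted(paths[ip])}")
```

Feed it your real access log (one line per list element) to get the same per-source summary; the first-segment comparison keeps unrelated paths that merely start with the same letters, such as /pmacct/, out of the count.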
The biggest threat is that an attacker could leverage a vulnerability such as directory traversal, or use SQL Injection to call load_file(), to read the plain text username/password in the configuration file and then log in using phpmyadmin or over tcp port 3306. As a pentester I have used this attack pattern to compromise a system.
Here is a great way to lock down phpmyadmin:
Remove grant or file_priv permissions from every account. file_priv is one of the most dangerous privileges in MySQL because it allows an attacker to read files or upload a backdoor.

Apache access control allowing a single address:

    Order deny,allow
    Deny from all
    allow from 199.166.210.1
Do not have a predictable file location like http://127.0.0.1/phpmyadmin. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this.
Firewall off tcp port 3306 so that it cannot be accessed by an attacker.
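An added example, not the answer's own code, for the "remove grant or file_priv permissions from every account" step above: a Python audit that takes rows in the shape returned by the SELECT on mysql.user shown in the script and emits the REVOKE statements for each account still holding FILE or GRANT OPTION. The rows here are constructed sample data standing in for the query result, so the script runs offline and does not connect to a server; the `keep` parameter is an assumption of this example, for an administrative account you deliberately exclude.

```python
# Query to run against the MySQL server (e.g. with the mysql CLI); the rows
# below are constructed sample output in the same column order and stand in
# for its result, so the script runs offline.
AUDIT_QUERY = (
    "SELECT User, Host, File_priv, Grant_priv FROM mysql.user "
    "WHERE File_priv = 'Y' OR Grant_priv = 'Y';"
)

# Constructed sample rows: (User, Host, File_priv, Grant_priv)
SAMPLE_ROWS = [
    ("root", "localhost", "Y", "Y"),
    ("webapp", "localhost", "Y", "N"),
    ("report", "%", "N", "Y"),
    ("readonly", "10.0.0.%", "N", "N"),
]


def risky_accounts(rows):
    """Return (user, host, [privilege names]) for every account holding FILE or GRANT OPTION."""
    findings = []
    for user, host, file_priv, grant_priv in rows:
        held = []
        if file_priv == "Y":
            held.append("FILE")          # lets load_file() / SELECT ... INTO OUTFILE touch the filesystem
        if grant_priv == "Y":
            held.append("GRANT OPTION")  # lets the account hand its privileges to others
        if held:
            findings.append((user, host, held))
    return findings


def _quote(s):
    """Quote a user or host name as a MySQL string literal."""
    return "'" + s.replace("\\", "\\\\").replace("'", "''") + "'"


def revoke_statements(findings, keep=()):
    """Build the REVOKE statements for each finding.

    FILE and GRANT OPTION are global privileges, hence ON *.*.  `keep` is a
    hypothetical allowlist of (user, host) pairs to leave untouched, e.g. one
    administrative account; by default nothing is kept, matching the advice
    to remove these privileges from every account.
    """
    stmts = []
    for user, host, held in findings:
        if (user, host) in keep:
            continue
        for priv in held:
            stmts.append(f"REVOKE {priv} ON *.* FROM {_quote(user)}@{_quote(host)};")
    if stmts:
        stmts.append("FLUSH PRIVILEGES;")
    return stmts


if __name__ == "__main__":
    print("-- audit query:\n" + AUDIT_QUERY + "\n")
    for stmt in revoke_statements(risky_accounts(SAMPLE_ROWS), keep=(("root", "localhost"),)):
        print(stmt)
```

Run the audit query first, review the generated statements, then apply them; rerunning the query afterwards should return no rows, which is the check that the step actually took effect.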