[GUIDE] Secure PhpMyAdmin
I have compiled some tips to add an extra layer of protection to your phpMyAdmin. Vesta Control Panel is really good, but it seems like it's lacking in the security department, so I want to help as much as possible.
Add htaccess login (extra login)
more info: https://degreesofzero.com/article/how-t ... admin.html
Change the default /phpmyadmin alias to something like /phpmyadmin-vcn0vgu02j0239f
more info: viewtopic.php?f=10&t=5264 (thanks john)
Check your config locations here: http://vestacp.com/docs/#config-log-loc ... hel-centos
Alternative (most recommended)
Enable SSL on phpMyAdmin and access only from name server
1. Create a web domain using your name server (server1.myserver.com) with SSL support and nginx.
2. Edit /etc/httpd/conf.d/phpMyAdmin.conf (CentOS 6), delete the following, and save:
Code:
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
Order Deny,Allow
Deny from All
Allow from All
</Directory>
<Directory /usr/share/phpMyAdmin/scripts/>
Order Deny,Allow
Deny from All
Allow from All
</Directory>
3. Edit /home/admin/conf/web/shttpd.conf from step 1, paste the following before the line </VirtualHost>, and save:
Code:
Alias /phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
</Directory>
<Directory /usr/share/phpMyAdmin/scripts/>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
</Directory>
4. Restart the Apache server.
5. You may now access your phpMyAdmin with SSL from only the domain name you made.
Code:
https://server1.myserver.com/phpmyadmins-GENERATE-RANDOM-PASS-CODE-HERE
Force SSL Connection on phpMyAdmin
1. Go to folder /usr/share/phpMyAdmin (CentOS 6).
2. Create the file config.inc.php, put the following code in it, and save:
Code:
<?php $cfg['ForceSSL'] = true; ?>
Add nameserver referral access only (you can only access phpMyAdmin by clicking it from the control panel) also uses htaccess
1. Open /usr/share/phpMyAdmin (CentOS 6).
2. Create a .htaccess file and paste the following code (replacing the proper domain info server1.yourdomain.com):
Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
RewriteRule .* - [F]
3. Update the phpMyAdmin link from Vesta control panel: viewtopic.php?f=10&t=5264
Now that you have that in place, you won't be able to access phpMyAdmin directly in your web browser. You need to click the phpMyAdmin link from Vesta control panel.
Re: [GUIDE] Secure PhpMyAdmin
Hi, erldcrtz
Thank you. I hope it helps our users.
Re: [GUIDE] Secure PhpMyAdmin
How can I set it up with Debian?
Re: [GUIDE] Secure PhpMyAdmin
This is a very good guide.
Which I plan to use if, however, someone can explain this part:
I am a little confused as to how to do this part, as he did not explain that part and what to do with that topic:
3. update the phpmyadmin link from vesta control panel viewtopic.php?f=10&t=5264
I get that you're supposed to update the link to phpMyAdmin in the theme using those instructions; however, the thing is this guide changes phpMyAdmin to work from a subdomain, and then he links it to a separate thread that just changes the alias, and he doesn't provide any further code to actually update the code, and therefore makes it kind of hard to finish the guide.
I am quite confused as to what to do exactly and what to change in the theme for the rest of the guide to actually work properly. If someone could explain this and provide some more information on how to update it to reflect the rest of this guide and load phpMyAdmin correctly only from referral of the VestaCP panel, then I would be very grateful :)
Thanks
Re: [GUIDE] Secure PhpMyAdmin
Sorry for the late reply.
Read under "THEME/UI EDIT Link": viewtopic.php?f=10&t=5264
In other words, edit these files and update the phpMyAdmin links to the new one you created:
/usr/local/vesta/web/templates/admin/list_db.html
if ($data[$key]['TYPE'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
/usr/local/vesta/web/templates/user/list_db.html
if ($data[$key]['TYPE'] == 'mysql') $db_admin_link = "http://".$http_host."/phpmyadmin/";
Re: [GUIDE] Secure PhpMyAdmin
Unfortunately, adding the alias and directory in step 3 did not work for me. But alternatively (although a bit less secure) you can also add a symlink to phpMyAdmin from the secure directory.
In /home/admin/web/<domain-name>/public_shtml (provided you selected public_shtml as the directory in SSL setup of domain) execute:
Code:
ln -s /usr/share/phpmyadmin/ phpmyadmin-YOUR-SECRET-CODE
Open phpMyAdmin with:
Code:
https://<domain-name>/phpmyadmin-YOUR-SECRET-CODE
Andre
Re: [GUIDE] Secure PhpMyAdmin
Hello, newbie here. Can you please help me with this one?
RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
If my domain is pandabb.com, how do I put it here? What's server1?
ex. my hostname is cute.pandabb.com
Re: [GUIDE] Secure PhpMyAdmin
pandabb wrote:
If my domain is pandabb.com how do i put here ? whats server1?
RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
Something like this:
RewriteCond %{HTTP_REFERER} !^(www.)?pandabb.com
Re: [GUIDE] Secure PhpMyAdmin
Could someone help me with this:
Add nameserver referral access only (you can only access phpmyadmin by clicking it from the control panel) also uses htaccess
1. open /usr/share/phpMyAdmin (centos 6)
2. create .htaccess file and paste the following code below (replacing the proper domain info server1.yourdomain.com)
Code:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
RewriteRule .* - [F]
3. update the phpmyadmin link from vesta control panel viewtopic.php?f=10&t=5264
now that you have that in place. you wont be able to access phpmyadmin directly in your web browser. you need to click the phpmyadmin link from vesta control panel
I do the steps, but when I try to access phpMyAdmin from my VestaCP the message appears: Internal Server Error
My VestaCP is located at panel.mydomain.com, so I changed the .htaccess to:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !(panel)?mydomain.com
RewriteRule .* - [F]
But I can't access phpMyAdmin, neither from VestaCP nor from mydomain.com/phpmyadmin
What am I doing wrong?
Re: [GUIDE] Secure PhpMyAdmin
If I take a quick look at your htaccess, I see that you are missing a '.' after panel.
Example:
Code:
RewriteCond %{HTTP_REFERER} !(server1.)?yourdomain.com
Code:
RewriteCond %{HTTP_REFERER} !(panel)?mydomain.com
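An added example (not part of any post in this thread): a Python model of how mod_rewrite evaluates the RewriteCond %{HTTP_REFERER} patterns quoted above, run over constructed Referer values, next to a tighter anchored pattern. The function names, strict_pattern and the sample URLs are assumptions made for illustration; Python's re.search stands in for Apache's unanchored regex match, and the Referer header is whatever the client sends, so the rule is a filter and not a login.

```python
import re

# RewriteCond patterns exactly as quoted in the thread. The leading "!" is
# Apache's negation and is modelled in forbidden() below.
THREAD_PATTERNS = {
    "guide": r"(server1.)?yourdomain.com",
    "lemonadv": r"(panel)?mydomain.com",
    "pandabb_reply": r"^(www.)?pandabb.com",
}

# Constructed sample Referer values (not taken from any real log).
SAMPLES = [
    "",                                          # no Referer sent
    "https://panel.mydomain.com:8083/list/db/",  # link clicked in the panel
    "https://mydomain.com.other.example/page",   # other site, same substring
    "https://panel-mydomainxcom.example/",       # unescaped "." matches "x"
]


def forbidden(pattern, referer):
    """Model `RewriteCond %{HTTP_REFERER} !pattern` + `RewriteRule .* - [F]`.

    The match is an unanchored regex search, so the request is answered
    403 exactly when the pattern occurs nowhere in the Referer value.
    """
    return re.search(pattern, referer) is None


def strict_pattern(host):
    """Hypothetical tighter pattern: https only, escaped host, optional port."""
    return r"^https://" + re.escape(host) + r"(:\d+)?/"


def report(pattern, referers):
    """Map each Referer to True when the rule would answer 403."""
    return {ref: forbidden(pattern, ref) for ref in referers}


if __name__ == "__main__":
    rules = {"thread": THREAD_PATTERNS["lemonadv"],
             "strict": strict_pattern("panel.mydomain.com")}
    for name, pattern in rules.items():
        for ref, blocked in report(pattern, SAMPLES).items():
            print(f"{name:6} {'403' if blocked else 'ok':3} {ref!r}")
```

The [F] flag answers 403 Forbidden, so these patterns cannot by themselves produce the Internal Server Error reported above. A pattern that starts with ^ followed directly by the host name, as in the pandabb reply, never matches a Referer that begins with a scheme such as https://.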