phpmyadmin on port 80...
Why is phpmyadmin on port 80 when you have an administrative port open on 8083 by default? It puzzles me greatly.
In an ideal world, no one would use phpmyadmin, but putting it on port 80 with no .htaccess authorization as well is scary.
When I attempt to edit the conf to listen on port 8085, it does work; however, vestacp is also listening on port 80 for phpmyadmin, and port 8085 forwards to the base web directory of the site when it should go nowhere.
Why is this, and how do I stop this strange behavior?
Code:
    # phpMyAdmin default Apache configuration
    Alias /phpmyadmin /usr/share/phpmyadmin
    Listen 8085
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
        </IfModule>
    </Directory>
    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </Directory>
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Order Deny,Allow
        Deny from All
    </Directory>
Re: phpmyadmin on port 80...
8083 - only for Vesta
Re: phpmyadmin on port 80...
Could be for many of vesta's administrative scripts. Port is definitely not bound to one script. Having phpmyadmin outside a secure location is inherently a security flaw. Documentation for phpmyadmin is very clear that phpmyadmin is not to be on port 80 in production environments. Have you noticed how phpmyadmin on cpanel and WHM are on the same port as cpanel, so it is as secure as possible? It is fairly easy to brute force phpmyadmin's login, and being able to sniff it out right on port 80...
But again, the issue is, why is phpmyadmin still on port 80 when it is listening on 8085? And why does yourdomain.com:8085/ point to port 80?
Edit: I was able to get it to work by editing the conf file as follows:
Code:
    # phpMyAdmin default Apache configuration
    Alias /someotheralias /usr/share/phpmyadmin
    Listen 8085
    <Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        Order allow,deny
        Allow from A_ADMIN_IP
        Allow from 127
        <IfModule mod_php5.c>
            AddType application/x-httpd-php .php
            php_flag magic_quotes_gpc Off
            php_flag track_vars On
            php_flag register_globals Off
            php_admin_flag allow_url_fopen Off
            php_value include_path .
            php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
            php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext
        </IfModule>
    </Directory>
    # Authorize for setup
    <Directory /usr/share/phpmyadmin/setup>
        <IfModule mod_authn_file.c>
            AuthType Basic
            AuthName "phpMyAdmin Setup"
            AuthUserFile /etc/phpmyadmin/htpasswd.setup
        </IfModule>
        Require valid-user
    </Directory>
    # Disallow web access to directories that don't need it
    <Directory /usr/share/phpmyadmin/libraries>
        Order Deny,Allow
        Deny from All
    </Directory>
    <Directory /usr/share/phpmyadmin/setup/lib>
        Order Deny,Allow
        Deny from All
    </Directory>
Re: phpmyadmin on port 80...
If security is your concern---
You may want to rename /phpmyadmin to something entirely "un-guessable"
[ TUTORIAL ] How to change the default /phpmyadmin alias
viewtopic.php?f=10&t=5264
Re: phpmyadmin on port 80...
mehargags wrote: ↑Sat Feb 28, 2015 7:56 am
> If security is your concern---
> You may want to rename /phpmyadmin to something entirely "un-guessable"
> [ TUTORIAL ] How to change the default /phpmyadmin alias
> viewtopic.php?f=10&t=5264
Security through obscurity is no security. So simply renaming the alias isn't a great idea. Selecting a different port (e.g. 8085) for this 'administrative tool' is a good approach. Especially when you block that port for the outside world using iptables.
The only thing you need to do is edit your /etc/httpd/conf.d/phpMyAdmin.conf (the Apache configuration). Suppose you have phpMyAdmin working properly on port 80 (/phpmyadmin)
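Code:
    Listen 8085
    <VirtualHost *:8085>
        DocumentRoot /usr/share/phpMyAdmin
        ServerName phpmyadminsite
        Alias /phpMyAdmin /usr/share/phpMyAdmin
        Alias /phpmyadmin /usr/share/phpMyAdmin
        <Directory /usr/share/phpMyAdmin/>
            # With Order Deny,Allow the Allow rule is evaluated last, so
            # "Allow from All" admits every client; the firewall rule on
            # port 8085 is what actually restricts access here.
            Order Deny,Allow
            Deny from All
            Allow from All
        </Directory>
        # ...etc etc ...
    </VirtualHost>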
Code:
    service httpd restart
NB: make sure you add port 8085 to your iptables firewall (through VestaCP)
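Why the first config in this thread left phpMyAdmin answering on port 80, as an added example (not code from the posters or from Vesta): an `Alias` at server scope is inherited by every virtual host, and a `Listen` port with no matching `<VirtualHost>` is served by the main server. The `audit` function, its finding codes and the trimmed sample configs are constructed for this illustration.

```python
import re
# Constructed samples, trimmed from the configs posted in this thread.
SERVER_SCOPE = """\
Alias /phpmyadmin /usr/share/phpmyadmin
Listen 8085
"""
VHOST_SCOPE = """\
Listen 8085
<VirtualHost *:8085>
    Alias /phpmyadmin /usr/share/phpMyAdmin
    <Directory /usr/share/phpMyAdmin/>
        Order Deny,Allow
        Deny from All
        Allow from All
    </Directory>
</VirtualHost>
"""

def audit(conf, needle="phpmyadmin"):
    """Return sorted finding codes (names made up here) for one Apache config."""
    findings, stack, listen, vhost_ports = set(), [], set(), set()
    for raw in conf.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):            # closing tag: leave the section
            del stack[-1:]
            continue
        if line.startswith("<"):             # opening tag: enter a section
            name, _, args = line.strip("<>").partition(" ")
            stack.append((name, args))
            if name == "virtualhost":
                vhost_ports.update(re.findall(r":(\d+)(?=\s|$)", args))
            continue
        name, rest = (line.split(None, 1) + [""])[:2]
        in_vhost = any(s == "virtualhost" for s, _ in stack)
        in_pma_dir = any(s == "directory" and needle in a for s, a in stack)
        if name == "listen" and rest:
            listen.add(rest.split()[0].rsplit(":", 1)[-1])
        elif name == "alias" and needle in rest and not in_vhost:
            findings.add("alias-at-server-scope")  # inherited by every vhost
        elif name == "allow" and rest == "from all" and in_pma_dir:
            findings.add("allow-from-all")         # any client may connect
    # A Listen port with no matching <VirtualHost> is served by the main server.
    findings.update(f"listen-without-vhost:{p}" for p in listen - vhost_ports)
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SERVER_SCOPE), audit(VHOST_SCOPE))
```

Replacing `Allow from All` in the virtual host with specific addresses, as the second config in the thread does with `Allow from 127`, clears the remaining finding.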