The Community Forums

Interact with an entire community of cPanel & WHM users!

Hack

Discussion in 'General Discussion' started by danielj, Jul 8, 2004.

  1. danielj

    danielj Member

    How do I fix this??
    -----------------------------
    The $cfg['PmaAbsoluteUri'] directive MUST be set in your configuration file!

    Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.
    -----------------------------

    If someone could give me step-by-step instructions on how to fix this. I learn fast. Thanks in advance.
     
  2. Sheldon

    Sheldon Well-Known Member

    Set the PMA Absolute URI to your web access address, e.g.

    http://www.domain.com/path/to/phpmyadmin/

    Then.. DO NOT enter the user root in the configuration file.. that would in my mind be just stupid, as there is a PHP vulnerability where, if PHP Safe Mode isn't activated, anyone can read any file on the server using a "cat" method which basically outputs any file to the browser.

    IF YOU MUST do this.. use .htaccess(.htpasswd) authentication to protect the phpmyadmin directory from outside access.

    MOST people just simply use cookie authentication with the blowfish encryption, and that is my recommended state.

    Just look in the configuration file for the section where it wants you to specify the authentication type.

    You have 3 options: http, cookie, and config.

    Cookie is the most secure in my mind, as it is encrypted using blowfish technology and is the easiest way of logging in.

    Simply choose the cookie authentication type and enter a blowfish encryption phrase where prompted in the config file.

    That's it, you're done.
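
The settings discussed in the reply above, as an added example that is not part of the original thread: a fragment of phpMyAdmin's config.inc.php with the flagged configuration commented out beside the cookie-authentication form. The URL is the placeholder from the reply, and the host and secret values are constructed placeholders.

```php
<?php
// Added example (not from the thread): fragment of phpMyAdmin's
// config.inc.php covering the two warnings quoted in the first post.

// Resolves "The $cfg['PmaAbsoluteUri'] directive MUST be set":
// the full URL under which this phpMyAdmin install is reached.
$cfg['PmaAbsoluteUri'] = 'http://www.domain.com/path/to/phpmyadmin/';

// Used only with auth_type 'cookie': the phrase that encrypts the
// password kept in the login cookie. Constructed placeholder; replace
// it with your own long random phrase.
$cfg['blowfish_secret'] = 'REPLACE-WITH-A-LONG-RANDOM-PHRASE';

$i = 0;
$i++; // first (and here only) server entry
$cfg['Servers'][$i]['host'] = 'localhost'; // assumed: MySQL on the same box

// Flagged form (what triggers the second warning): credentials live in
// the file, so anyone who can reach the URL above, or read this file,
// acts as the MySQL privileged account.
// $cfg['Servers'][$i]['auth_type'] = 'config';
// $cfg['Servers'][$i]['user']      = 'root';
// $cfg['Servers'][$i]['password']  = '';

// Cookie form: phpMyAdmin shows a login page and each visitor signs in
// with their own MySQL user and password; nothing privileged is stored
// in this file.
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user']      = '';
$cfg['Servers'][$i]['password']  = '';
```

The quoted warning also says the MySQL server itself is running with root and no password, so changing the authentication type in phpMyAdmin does not close that part; the MySQL root account needs a password set on the server as well.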
     
  3. danielj

    danielj Member

    Thanks, I think a trojan may have been placed on my server. When I try to restore a MySQL db via the cPanel restore, after the file is uploaded I get a crazy looking screen full of writing and my upload URL has changed to dosqlupload.html or something to that effect? How do I go about fixing this?
     
  4. Sheldon

    Sheldon Well-Known Member

    Ahhhh....

    Run the trojan scan in WHM?

    Other than that I'm lost.. still new to server administration.
     