The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

is people trying to access accessing phpmyadmin with ip adress is a threat ????

Discussion in 'Security' started by xavi1, Apr 5, 2011.

  1. xavi1

    xavi1 Registered

    Joined:
    Apr 4, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    In recent times my log shows people trying to access phpmyadmin using http request like
    http://"ipadress"/phpmyadmin and the list goes on with different names like admin, myadmin, pma etc.,

    I have not faced any problem yet but wanted to know is it a threat or how to handle such cases and any worst case scenario


    Thank u friends
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Are you seeing this in the Apache access_log, or the cPanel access_log?

    If you are seeing it in the Apache access_log, then it is likely simply due to a bot looking for weak servers to access/infect/compromise. The phpMyAdmin installation provided by cPanel does not run through Apache's PHP, so there is no way to access it by sending a request over port 80.

    If you can tell us in which log you are seeing this, and possibly provide an example log entry (with the IP address munged to prevent publicly revealing your IP address), we may be able to offer more specific advice.
     
  3. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Of note, since PhpMyAdmin runs on the same port as cPanel, you could block all access to cPanel using WHM > Host Access Control and using "cpaneld" as the daemon process to deny. If you did this, you'd simply allow the IPs that are legitimate traffic to cPanel and then deny all other IPs. Alternatively, you could deny the IPs that are trying to brute force the service there.

    The way you setup the entries in WHM > Host Access Control would be the following to allow a set IP (12.12.12.12) and then deny all other access:

    Code:
    [b]Daemon 	  Access List 	Action   Comment[/b]
    cpaneld   12.12.12.12 	allow 	 Allow  12.12.12.12 access to cPanel
    cpaneld	  ALL 	  	deny 	 Deny access from all other IPs
    The following would be used to allow a set IP (12.12.12.12) and deny a set IP (12.12.12.24) without denying all IPs:

    Code:
    [b]Daemon 	 Access List 	 Action   Comment[/b]
    cpaneld  12.12.12.12 	 allow 	  Allow 12.12.12.12 access to cPanel
    cpaneld  12.12.12.24 	 deny 	  Deny access from 12.12.12.24
     
Loading...

Share This Page