Lock PMA to preapproved IPs

GoWilkes

Well-Known Member
Sep 26, 2006
613
25
168
cPanel Access Level
Root Administrator
I have someone breaking in to my PMA!! Can you guys and gals suggest a way to block all access attempts unless the IP range is pre-approved?

I don't think that cPHulk would help because then I would have to approve every IP of every user. I need this to be site-specific.
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
38
103
USA
cPanel Access Level
Root Administrator
Hello @GoWilkes

Assuming you are using the version of phpMyAdmin that is provided by cPanel, cPHulk can be used to protect it. You can in fact specify IP ranges for cPHulk and not just single IP addresses. You would need to use CIDR notation to add IP ranges to cPHulk's whitelist or blacklist.

For example, 192.168.1.0/24 represents IP addresses 192.168.1.1 through 192.168.1.254.

For more documentation on whitelisting IP addresses in cPHulk please see this article:
How to Whitelist an IP address in cPhulk

Please let us know if you have any questions.
 

GoWilkes

But that would be server-wide, right? Not for the one site?

That complicates things, I wouldn't know the IP ranges for every client... especially those that use a mobile device. My own site is different, I can restrict it tightly and understand, but a client wouldn't be the same.
 

cPSamuelM

Yes, that is correct, the cPHulk whitelist applies server-wide.

Note that phpMyAdmin access is restricted to port 2083 and is tied to the cPanel username and password. If you suspect that there is unauthorized access to phpMyAdmin, I recommend you reset the affected cPanel user's password.
 

GoWilkes

I did change all of my passwords, but the next day they were right back in there! I know they don't have root access because I DO get an email for that, but somehow they're getting in to PMA. I found that they were adding an Adsense script to everything, trying to divert my Adsense earnings to their account! I reported it to Adsense, so they'll probably do something in the next year or so :-/

I'm assuming there's no built-in way to restrict it, so I wrote my own .htaccess that seems to be working. Posted here for future readers:

Code:
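RewriteEngine On

# Match cPanel-related paths or the cPanel port (2083)...
RewriteCond %{REQUEST_URI} /(?:phpMyAdmin|cpanel|frontend)/ [NC,OR]
RewriteCond %{SERVER_PORT} ^2083$ [OR]

# ...or WHM-related paths or the WHM port (2087)
RewriteCond %{REQUEST_URI} /(?:whm|configserver)/ [NC,OR]
RewriteCond %{SERVER_PORT} ^2087$

# where "123.45.x.x" represents my pre-approved IP
RewriteCond %{REMOTE_ADDR} !^123\.45\.

# Return 403 Forbidden when any condition above matched and the client is not pre-approved
RewriteRule ^ - [F]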
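
One way to check whether an allowlist like the one above is keeping unapproved addresses out is to audit the access log for phpMyAdmin and control-panel requests from outside the approved range. This is an added example, not code from the thread or from cPanel; the log layout (Common Log Format prefix), the sample lines, and the function names are assumptions, and `123.45.0.0/16` is the thread's "123.45.x.x" placeholder written as CIDR.

```python
import ipaddress
import re
from collections import Counter

# The thread's placeholder "123.45.x.x" as a CIDR range; replace with your own ranges.
APPROVED = [ipaddress.ip_network("123.45.0.0/16")]
# Same paths the thread's first RewriteCond matches, case-insensitive like [NC].
SENSITIVE = re.compile(r"/(?:phpMyAdmin|cpanel|frontend)/", re.IGNORECASE)
# Assumed layout: ip ident user [time] "METHOD path PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample lines (not real log data).
SAMPLE = [
    '123.45.10.20 - exampleuser [26/Apr/2020:09:14:02 -0500] "GET /cpsess0000000000/3rdparty/phpMyAdmin/index.php HTTP/1.1" 200 5120',
    '203.0.113.77 - exampleuser [27/Apr/2020:03:41:55 -0500] "POST /cpsess0000000000/3rdparty/phpMyAdmin/import.php HTTP/1.1" 200 812',
    '198.51.100.9 - - [27/Apr/2020:03:50:10 -0500] "GET /phpmyadmin/ HTTP/1.1" 403 199',
    '203.0.113.77 - exampleuser [27/Apr/2020:03:42:30 -0500] "GET /index.html HTTP/1.1" 200 1024',
]

def is_approved(addr):
    """True if addr parses as an IP address inside any approved network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable client field: treat as not approved
    return any(ip in net for net in APPROVED)

def unapproved_hits(lines):
    """Return (ip, user, time, path, status) for sensitive requests from outside APPROVED."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, user, when, _method, path, status = m.groups()
        if SENSITIVE.search(path) and not is_approved(ip):
            hits.append((ip, user, when, path, int(status)))
    return hits

def served_by_ip(hits):
    """Count 2xx responses per unapproved IP: requests that were served, not refused."""
    return Counter(ip for ip, _u, _t, _p, status in hits if 200 <= status < 300)

if __name__ == "__main__":
    found = unapproved_hits(SAMPLE)
    for hit in found:
        print(hit)
    print(served_by_ip(found))
```

A non-empty `served_by_ip` result after the rule is deployed means requests from outside the approved range are still being answered, and the logged username and timestamps show which account to investigate.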
 

cPanelChris

Moderator
Staff member
Feb 16, 2020
38
5
8
Houston, TX
cPanel Access Level
Root Administrator
Hello @GoWilkes,

I am not aware of any built-in method for restricting phpMyAdmin access specifically. Thank you for providing your solution.

Regarding the repeated unauthorized access to phpMyAdmin, you may want to contact a security professional or system administrator to look into this further. One possibility that occurs to me is that the email account associated with the cPanel account has been compromised and is being used to perform password resets.

cPanel does not provide security or general system administration services, but we do have a listing of system administrators here.