Thwarting phpmyadmin attack attempts

...and a liberal use of proxies


Josefu

8:09 am on Dec 23, 2007 (gmt 0)

10+ Year Member

I've got things set up on my server in a way that keeps pretty well everything unfavourable out, but in the last months I have been receiving THOUSANDS of requests aiming for (nonexistent) directories containing "phpmyadmin" (in any form and version).

I'd like to set up a method banning any such requests to all but myself, but the problem is that, as I am mobile, I may need to connect from several different IPs. This, and the fact that whoever's targeting my server is changing IPs with every group of requests. Is there any logical way to block "illegal" phpmyadmin requests with .htaccess, or should I resort to another method, such as ssh or certificates for example?

Thanks for any and all advice.

[edited by: Josefu at 8:12 am (utc) on Dec. 23, 2007]

jdMorgan

6:37 pm on Dec 23, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

The devil's in the details.

You could block phpmyadmin access to all except your fixed (home and office) IP addresses (or address ranges) and also allow access from (the larger) IP address ranges used by your wireless provider -- with the further qualification that the requesting user-agent must match that of your phone's Web browser(s).

How big you make the IP address ranges and how specific you want to be with your phone's user-agent string (i.e. you may want to allow for browser version upgrades) depends on just "how bad" the abusive requests are.

The problem isn't really the implementation, it is 'defining' what is a good request and what is a bad request based only upon the information sent with that request.

Then you can implement a solution that is "good enough" to solve the practical problem without spending too much time writing and testing complicated code. Moving toward SSH and/or secure HTTPS login would be a good long-term goal.

One thing I do with these abusive phpmyadmin requests is to first rewrite them to a subdirectory which contains its own very-short (or even 0-byte) custom 403 error page. This minimizes the bandwidth wasted on serving a proper 403 error page to these malicious user-agents, and can make a difference if you are receiving a flood of these requests. Also, disconnect the client after sending the 403 response, so as not to tie up the server thread in keepalive mode -- Free it up for someone else to use. I use:


# Disconnect client after 403 response
<FilesMatch "^custom-403-page\.html$">
    SetEnv nokeepalive
</FilesMatch>

Jim

Josefu

11:08 pm on Dec 23, 2007 (gmt 0)

10+ Year Member

As usual, thanks a million. The options are many, but so is the trouble implementing most of them - thus my hesitation.

I do like the idea of one-IP-only access - how about hooking up to a central server through something like VPN? That way I could log on from anywhere, using ssh, with no problem... and could block positively all queries for anything phpmyadmin - save my own through that server.

The "disconnect" advice I wouldn't have come up with in a thousand years - again, thanks!

(PS - I just noticed my "phpmysql" typo - doh! Glad you found the post all the same : )

[edited by: Josefu at 11:17 pm (utc) on Dec. 23, 2007]

Frank_Rizzo

11:45 am on Dec 24, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member

A simple technique is to just rename files and / or directories - pretty much what you have done with your earlier typo.

If you were to run an app called phpmyadminxyz.php then only you would know that it exists. Any IP trying to access phpmyadmin is clearly sniffing around and should be logged and blocked.

I never use stock names for any app, be it a server admin utility, message board or logfile analyser. I too get thousands of requests for files, but they are never found!

[edited by: Frank_Rizzo at 11:46 am (utc) on Dec. 24, 2007]

Josefu

9:52 am on Dec 25, 2007 (gmt 0)

10+ Year Member

(slapping forehead) That, sir, would be the simplest solution. Rename the application root file (and its folder) and block all requests for any variation of "phpmyadmin".

Thanks, and happy holidays!

Tech Manager

7:15 pm on Dec 26, 2007 (gmt 0)

10+ Year Member

There are really several ways to accomplish the task you are asking about. Assuming you are using a Linux OS, one of the simplest ways is to add the appropriate lines in your .htaccess file.

If you want to have a little fun you can actually redirect these requests to other internal pages on your website, a non-existent website, or to a website or server completely unrelated.

Redirect 301 /phpmyadmin http://www.anysiteiwanttosendthetrafficto.com

If you are seeing quite a few of these connections originating from a specific country, you can also use Country IP Blocks like those located at countryipblocks.net

As many of my clients experience problems from probes/hackers/crackers/SPAM, etc., from specific countries, we use the Country IP Blocks to generate specific rulesets to limit or deny access to certain countries or networks within those countries.

[edited by: jdMorgan at 7:22 pm (utc) on Dec. 26, 2007]
[edit reason] de-linked. [/edit]
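A single .htaccess that combines the three suggestions made in this thread (jdMorgan's IP/user-agent allow-list with a 0-byte 403 page and forced disconnect, Frank_Rizzo's renamed admin directory, and Tech Manager's network-range block), as an added example by the editor; it is not part of the thread and not any poster's own configuration. The addresses 192.0.2.10, 198.51.100.x and 203.0.113.x, the User-Agent substring MyPhoneBrowser and the directory /dbtool-k3x9/ are placeholders to be replaced. It assumes mod_rewrite is loaded and that the server permits .htaccess overrides for these directives (AllowOverride FileInfo at least).

```apache
# Added example (editor's, not from the thread). Placeholders:
#   192.0.2.10       fixed home/office IP of the administrator
#   198.51.100.x     the mobile carrier's address range
#   MyPhoneBrowser   a distinctive substring of the phone's User-Agent
#   /dbtool-k3x9/    the real phpMyAdmin install, renamed as Frank_Rizzo suggests
#   203.0.113.x      a range taken from a country block list

# The custom 403 page is a 0-byte file, so a flood of probes costs almost
# no outbound bandwidth. Apache comments must sit on their own line.
ErrorDocument 403 /blocked/custom-403-page.html

RewriteEngine On

# 1. Nothing legitimate lives under a "phpmyadmin" URL any more, so every
#    request whose path contains it, in any case or version form
#    (/phpMyAdmin-2.11.3/, /admin/PHPMYADMIN2/ ...), is answered 403.
#    NC = case-insensitive; "-" = no substitution; F = send 403.
RewriteCond %{REQUEST_URI} phpmyadmin [NC]
RewriteRule ^ - [F,L]

# 2. The renamed install is reachable only from the fixed address, or from
#    the carrier's range when the request also carries the phone's browser
#    User-Agent. Joining REMOTE_ADDR and HTTP_USER_AGENT with "::" lets one
#    regex test both at once; "!" negates, so the rule fires on everyone else.
RewriteCond %{REQUEST_URI} ^/dbtool-k3x9/
RewriteCond %{REMOTE_ADDR} !^192\.0\.2\.10$
RewriteCond %{REMOTE_ADDR}::%{HTTP_USER_AGENT} !^198\.51\.100\.[0-9]+::.*MyPhoneBrowser
RewriteRule ^ - [F,L]

# 3. Site-wide block of a whole network range. The ErrorDocument above is
#    fetched by an internal redirect from the same client address, so the
#    /blocked/ path must be exempted or the 0-byte page itself gets a 403
#    and Apache falls back to its built-in error text.
RewriteCond %{REQUEST_URI} !^/blocked/
RewriteCond %{REMOTE_ADDR} ^203\.0\.113\.
RewriteRule ^ - [F,L]

# 4. Close the connection after the 403 page is sent so the server thread
#    is not held in keepalive by the probing client (jdMorgan's snippet).
#    The file name must match the ErrorDocument path above.
<FilesMatch "^custom-403-page\.html$">
    SetEnv nokeepalive
</FilesMatch>
```

The nokeepalive flag is set on the 403 page rather than with an E= flag on the RewriteRule because the 403 body is produced by a separate internal request for the ErrorDocument, and the keepalive decision is made when that request's headers are written. Note that the User-Agent is chosen by the client, so the carrier-range exception in rule 2 is only as strong as the obscurity of that string; a fixed address reached over a VPN or SSH tunnel, as Josefu proposes, is the sturdier long-term option.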