

phpMyAdmin - make sure to keep it up to date

I see automated searches for vulnerable versions


AlexK

7:36 am on Jan 10, 2006 (gmt 0)




Glancing idly through my AWStats error-listing I came across multiple 404s for various phpmyadmin locations:

81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /phpmyadmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /PMA/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /mysql/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /admin/main.php HTTP/1.1" 401 1238 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /db/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:01 +0000] "GET /dbadmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /web/phpMyAdmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /admin/pma/main.php HTTP/1.1" 401 1242 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /admin/phpmyadmin/main.php HTTP/1.1" 401 1249 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /admin/mysql/main.php HTTP/1.1" 401 1244 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /phpmyadmin2/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /mysqladmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:02 +0000] "GET /mysql-admin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.5.6/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.5.4/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.5.1/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.2.3/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.2.6/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /myadmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.0/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.0-pl1/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.3-pl1/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.3/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.3-rc1/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.
81.169.128.67 - - [08/Jan/2006:16:01:04 +0000] "GET /phpMyAdmin-2.6.2-rc1/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.

(there are twice the number shown - I have removed all the 301s) (notice the speed involved)

phpMyAdmin is an excellent program, but notorious for vulnerabilities (it is currently at phpMyAdmin 2.7.0-pl2 [phpmyadmin.net], released 2005-12-27). The last vulnerability was in 2.7.0, and the last security alert was in 2.6.4-pl3.
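A defender-side check for the sweep pattern shown in the log excerpt above, added here as an example and not code from the thread: it parses access-log lines in the same combined-format layout (the AWStats "In:- Out:-:-pct." tail is ignored) and flags any client that requests several distinct phpMyAdmin-style paths inside a short window, so a single stray 404 on /phpmyadmin/ from a dead bookmark does not fire. The lines and IPs in SAMPLE_LOG are constructed, and the marker list and thresholds are assumptions to tune for your own site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined-style prefix; anything after the status code (bytes, referer, AWStats tail) is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# Directory names the sweep in the thread cycles through (assumed list, matched case-insensitively).
PMA_MARKERS = ("phpmyadmin", "/pma/", "/mysql", "/myadmin", "/dbadmin", "/db/")

def parse_line(line):
    """Return ip, timestamp, path and status for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "path": m.group("path"), "status": int(m.group("status"))}

def find_pma_sweeps(lines, min_paths=5, window_seconds=60):
    """Map client IP -> largest number of distinct phpMyAdmin-style paths it requested within any
    window_seconds span; only clients reaching min_paths are returned (thresholds are assumptions)."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and any(marker in rec["path"].lower() for marker in PMA_MARKERS):
            by_ip[rec["ip"]].append(rec)
    sweeps = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = 0, 0
        for end in range(len(recs)):  # sliding window over this client's sorted probe timestamps
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            best = max(best, len({r["path"] for r in recs[start:end + 1]}))
        if best >= min_paths:
            sweeps[ip] = best
    return sweeps

# Constructed sample in the same format as the excerpt above (documentation IPs, not real hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jan/2006:16:01:01 +0000] "GET /phpmyadmin/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.',
    '192.0.2.10 - - [08/Jan/2006:16:01:01 +0000] "GET /PMA/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.',
    '192.0.2.10 - - [08/Jan/2006:16:01:02 +0000] "GET /mysql/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.',
    '192.0.2.10 - - [08/Jan/2006:16:01:02 +0000] "GET /admin/pma/main.php HTTP/1.1" 401 1242 "-" "-" In:- Out:-:-pct.',
    '192.0.2.10 - - [08/Jan/2006:16:01:03 +0000] "GET /phpMyAdmin-2.6.3/main.php HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.',
    '198.51.100.7 - - [08/Jan/2006:16:05:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 997 "-" "-" In:- Out:-:-pct.',
    '198.51.100.7 - - [08/Jan/2006:16:05:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-" In:- Out:-:-pct.',
]
```

Run find_pma_sweeps over a real access log (one line per list element) and feed the resulting IPs to whatever blocking or alerting you already use; 401s count as probes too, since the scanner is mapping which paths exist regardless of the response.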

ogletree

4:20 am on Jan 11, 2006 (gmt 0)




I keep mine in a password protected directory.

MattyMoose

5:53 am on Jan 11, 2006 (gmt 0)




Another very simple solution:

Rename the directory where it's installed.

eg: move phpMyAdmin to onlyforme-phpMyAdmin

jatar_k

6:09 am on Jan 11, 2006 (gmt 0)




>> onlyforme-phpMyAdmin

but don't use that one cause the moose just outed it ;)

MattyMoose

6:08 pm on Jan 11, 2006 (gmt 0)




ROFL

As if I would use something as simple as that.

I'd use something relatively random like:

dd if=/dev/random count=64 | sha256

which gives me: e0cf1750849c5974874d638aee71e289d037e96ad927a4940a9d6908d694e04f at the moment.

So I'd use phpMyAdmin-e0cf1750849c5974874d638aee71e289d037e96ad927a4940a9d6908d694e04f

So there. Beat that. LOL

jatar_k

6:11 pm on Jan 11, 2006 (gmt 0)




>> As if I would use something as simple as that

well I know that, just making sure everyone else did too ;)