Portal Home > Knowledgebase > Articles Database > PhpMyAdmin
PhpMyAdmin
Posted by brohemian, 07-27-2015, 04:51 PM |
I was looking through the Apache logs on a server and someone was requesting domain.com/phpmyadmin/js/messages.php
I noticed that this file is visible on the web and I noticed it's visible on other sites. Is this something I should be worried about?
Thanks for any help.
|
Posted by whmcsguru, 07-27-2015, 04:54 PM |
If anything related to phpmyadmin is available without prompting for security credentials (htaccess popup, some other form), then yes, you should be worried about it.
|
Posted by creativexbits, 07-27-2015, 06:32 PM |
Don't allow remote IP-s access phpmyadmin. Allow only from whitelists or use session to check if user comes from control panel and is already logged in
|
Posted by Srv24x7, 07-28-2015, 10:38 AM |
Hi,
Accessing the phpmyadmin directly can turn out to be a security risk and query can be entered to cause issues to the certain database.
It is better to have a security protection enabled like the htaccess use and allowing only authenticated users to use them.
|
Posted by RideCut, 09-10-2015, 12:10 PM |
brohemian,
Accessing the phpmyadmin from remote IPs can be a security risk. It's better to be prompted for security protection like htaccess. Check whether the user is from control panel and is already logged in.
|
Add to Favourites Print this Article
Also Read
Nac (Views: 494)