>> Subject: [coba-e:15747] Restrict phpmyadmin to local machines only
>>
>>
>>> My server has recently been getting a number of hits of people trying
>>> to hack into phpmyadmin (version v2.7.0-pl1) and as I do not require
>>> any external access to it I wanted to restrict access to all machines
>>> except those on my local network, after a bit of searching I added the
>>> following to "/home/phpmyadmin/config.inc.php"
>>>
>>> /**
>>> * block root from logging in except from the private networks
>>> */
>>> $cfg['Servers'][$i]['AllowDeny']['order'] = 'deny,allow';
>>> $cfg['Servers'][$i]['AllowDeny']['rules'] = array(
>>> 'deny from all',
>>> 'allow from localhost',
>>> 'allow from 192.168.0.0/23',
>>> );
>>>
>>>
>>> Unfortunately this did not work (down to my novice knowledge) so I am
>>> after some assistance and guidance on how I should proceed.
>>>
>>> As an aside, how do I restart phpmyadmin without bouncing the box ?
>>>
>>> regards
>>>
>>> Gnome
>>
>>
>> One other option would be to change the alias from /phpmyadmin/
>> to something like
>> /phpmyadmin2288/
>>
>>
>>
>> ----
>> Ken Marcus
>> Ecommerce Web Hosting by
>> Precision Web Hosting, Inc.
>> http://www.precisionweb.net
>>
>>
> Ken
>
> Changing the alias sounds like a good way to diver people from obvious
> names, could you give me a bit of guidance on how to do this properly.
>
>
> Regards
>
> Gnome
Gnome
Try this
cd /etc/httpd/conf.d
grep phpmyadmin *
#that might show a file like phpmyadmin.conf
#edit the file it finds.
pico -w phpMyAdmin.conf
#then change
Alias /phpMyAdmin /usr/share/phpMyAdmin
to for example,
Alias /phpMyAdmin4967new /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
to, for example,
Alias /phpmyadmin4967new /usr/share/phpMyAdmin
#then
/etc/rc.d/init.d/httpd reload
----
Ken Marcus
Ecommerce Web Hosting by
Precision Web Hosting, Inc.
http://www.precisionweb.net