The curious developer's blog

$hikiryu->devblog(); : The curious developer's blog

Protect your phpMyAdmin

   - 26/09/2011 | 0 comment(s)
This morning (or should I say, during the night), my website http://shikiryu.com was "attacked" by a bot looking for my phpMyAdmin URL.
Of course, being on shared hosting, I access my phpMyAdmin through my host's panel and not on the website itself. That said, nothing stops me from installing it in one of my folders but, hey, there is no point and plenty of risk.

Let's take a look at a sample of the log that attack generated:

Mon 26 Sep 2011 01:05:37
190.136.244.187 tried to come at : shikiryu.com/sql/myadmin/
User Agent = Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)

Less than a second elapsed between two different requests.
We can also see that it spoofed the Googlebot user agent to get past any .htaccess rule that waves search engines through (which now seems rather useless, right? ;) ). Note that the real crawler identifies itself as Googlebot/2.1, not 6.66, and the only reliable way to recognise it is a reverse DNS lookup on the IP (the name must end in googlebot.com or google.com) followed by a forward lookup of that name that returns the same IP; the User-Agent header alone proves nothing.

Its IP address geolocates to Argentina, but, as everybody knows, that tells you little about who is behind it: a scan like this typically arrives through a compromised host or an open proxy.

Now, here is the list of folders it tried to scan (incomplete, because I filtered it a little and removed near-duplicates):

- /sql/myadmin/
- /sqlmanager/
- /sqladmin/
- /SQL/
- /sl2/data/
- /roundcube/
- /qql/
- /program/
- /PMA2005/
- /websql/
- /pma2005/
- /web/phpMyAdmin/
- /PMA/
- /webdb/
- /phppma/
- /webadmin/
- /phpMyAdmin2/
- /web/
- /phpMyAdmin-2/
- /typo3/phpmyadmin/
- /phpmyadmin2/
- /phpmyadmin1/
- /sql/websql/
- /phpmy-admin/
- /php-myadmin/
- /php-my-admin/
- /sql/webdb/
- /phpmya/
- /phpmy/
- /sql/webadmin/
- /phpmanager/
- /sqlweb/
- /~/phpmanager/
- /phpadmin/
- /~/phpadmin/
- /sql/sqlweb/
- /mysql/web/
- /sql/sqladmin/
- /mysql/sqlmanager/
- /mysql/pMA/
- /mysql/pma/
- /mysql/mysqlmanager/
- /mysqlmanager/
- /sql/sql-admin/
- /mysql/dbadmin/
- /mysql/db/
- /sql/sql/
- /mysqladminconfig/
- /sql/phpMyAdmin2/
- /mysqladmin/
- /mysql/admin/
- /mysql-admin/
- /sql/phpmyadmin2/
- /MyAdmin/
- /~/myadmin/
- /sql/phpMyAdmin/
- /db/websql/
- /db/webdb/
- /sql/phpmy-admin/
- /db/webadmin/
- /db/phpMyAdmin2/
- /sql/php-myadmin/
- /db/phpMyAdmin-2/
- /db/phpmyadmin2/
- /sql/phpmanager/
- /db/myadmin/
- /db/dbweb/
- /db/dbadmin/
- /db/db-admin/
- /dbadmin/
- /db/
- /database/phpMyAdmin2/
- /database/phpmyadmin2/
- /database/phpMyAdmin/
- /database/phpmyadmin/
- /database/database/
- /database/
- /cpphpmyadmin/
- /cpdbadmin/
- /cpanelsql/
- /cpanelphpmyadmin/
- /cpanelmysql/
- /cpadmindb/
- /cpadmin/
- /bbs/data/
- /admin/web/
- /admin/sysadmin/
- /admin/sqladmin/
- /admin/pMA/
- /admin/pma/
- /admin/phpMyAdmin/
- /admin/phpmyadmin/
- /administrator/web/
- /administrator/PMA/
- /administrator/pma/
- /administrator/phpMyAdmin/
- /administrator/phpmyadmin/
- /administrator/db/
- /admin/db/
- /administrator/admin/
- /~/admin/
- /3rdparty/setup.php
- /3rdparty/pma2005/
- /3rdparty/pma/
- /3rdparty/phpMyAdmin/
- /3rdparty/myadmin/
- /3rdparty/dbadmin/
- /3rdparty/admin/
- /3rdparty/
- /mysql/
- /admin/
- /myadmin/
- /pma/
- /db/phpMyAdmin/
- /db/phpmyadmin/
- /PHPMYADMIN/
- /phpMyAdmin/
- /phpmyadmin/
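The following script is an added example and not the post's own tooling (nor phpMyAdmin's): it parses Apache combined-format access log lines, flags any client that hits several admin-looking paths from the list above within one minute, and checks a "Googlebot" claim the way Google documents it (reverse DNS on the IP must land in googlebot.com or google.com, and the forward lookup of that name must return the same IP). The log lines and the DNS answers it uses are constructed for the demonstration rather than taken from the post's log, and the path regex covers only a handful of the fragments in the list; `fake_reverse`/`fake_forward` are stand-ins for the real resolver so the script runs offline.

```python
"""Spot phpMyAdmin path scanners in an Apache combined-format access log and
verify "Googlebot" claims with Google's documented reverse/forward DNS check.
Added example; the log lines and DNS answers below are constructed."""
import re
import socket
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines in Apache "combined" format (not the post's own log).
SAMPLE_LOG = """\
190.136.244.187 - - [26/Sep/2011:01:05:37 +0200] "GET /sql/myadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)"
190.136.244.187 - - [26/Sep/2011:01:05:37 +0200] "GET /sqlmanager/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)"
190.136.244.187 - - [26/Sep/2011:01:05:38 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)"
190.136.244.187 - - [26/Sep/2011:01:05:38 +0200] "GET /pma/ HTTP/1.1" 404 512 "-" "Mozilla/5.0 (compatible; Googlebot/6.66; +http://www.google.com/bot.html)"
66.249.66.1 - - [26/Sep/2011:01:10:02 +0200] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.7 - - [26/Sep/2011:01:12:44 +0200] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

# Apache LogFormat "combined": %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# A few fragments from the scanned-folder list; load the whole list in practice.
ADMIN_PATH_RE = re.compile(
    r"(phpmyadmin|myadmin|pma|sqladmin|sqlmanager|dbadmin|mysql|websql)", re.I)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


# Real resolvers for production use; both raise OSError subclasses on failure.
def dns_reverse(ip):
    return socket.gethostbyaddr(ip)[0]


def dns_forward(host):
    return socket.gethostbyname_ex(host)[2]


# Constructed answers so the example runs offline (hypothetical, not live DNS).
FAKE_PTR = {"66.249.66.1": "crawl-66-249-66-1.googlebot.com"}
FAKE_A = {"crawl-66-249-66-1.googlebot.com": ["66.249.66.1"]}


def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise OSError("no PTR record")   # what gethostbyaddr does for NXDOMAIN
    return FAKE_PTR[ip]


def fake_forward(host):
    return FAKE_A.get(host, [])


def verify_googlebot(ip, reverse_lookup, forward_lookup):
    """Google's documented check: the PTR name must end in googlebot.com or
    google.com, and resolving that name forward must give back the same IP."""
    try:
        host = reverse_lookup(ip)
        if not host.endswith((".googlebot.com", ".google.com")):
            return False
        return ip in forward_lookup(host)
    except OSError:
        return False


def analyze(log_text, reverse_lookup, forward_lookup,
            window=timedelta(seconds=60), threshold=3):
    """Return {ip: finding} for clients that requested >= threshold distinct
    admin-looking paths inside `window`, or that claim Googlebot and fail the
    DNS check. A 200 among the statuses means the install really is exposed."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        probes = [r for r in recs if ADMIN_PATH_RE.search(r["path"])]
        burst = 0  # largest number of distinct admin paths inside one window
        for i, start in enumerate(probes):
            paths = {r["path"] for r in probes[i:] if r["ts"] - start["ts"] <= window}
            burst = max(burst, len(paths))
        claims = any("googlebot" in r["ua"].lower() for r in recs)
        verified = verify_googlebot(ip, reverse_lookup, forward_lookup) if claims else False
        if burst >= threshold or (claims and not verified):
            findings[ip] = {
                "admin_probes": sorted({r["path"] for r in probes}),
                "burst": burst,
                "statuses": sorted({r["status"] for r in probes}),
                "claims_googlebot": claims,
                "verified_googlebot": verified,
            }
    return findings


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG, fake_reverse, fake_forward).items():
        print(ip, finding)
```

On a real server, pipe your access log in and pass `dns_reverse`/`dns_forward` instead of the fake resolvers; only the Argentinian client above gets flagged, both for the four admin paths in one second and for a Googlebot claim that has no matching PTR record. Lower `threshold` or widen `window` for slow scanners, and treat any 200 in `statuses` as a sign that one of those folders actually exists on your site.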

Conclusion:

1. Of course, first of all, avoid those folder names; but, again, this is not a fixed list, so be smart (renaming the folder only buys obscurity, not security).
2. Avoid using phpMyAdmin directly on your domain. Even with a login/password, you're not safe (and, no, I'm not paranoid, it's just logic: fewer ways into your database means more security).
3. Backups, network lookups and logs are your friends; don't ignore them, they can save your life (or at least your website)!
