phpMyAdmin is a free and open-source MariaDB and MySQL management tool. It’s among the most popular web-based tools that enable you to manage databases, execute SQL queries, manage accounts, export, and import data and much more.

Unfortunately, it’s a target for hacking attempts, and if those attempts succeed they can cause irreparable damage as hackers can steal or delete sensitive information.

For that reason, you should keep phpMyAdmin updated, as it will have the latest patches against recent exploits, and secure it against automated attacks by adding extra layers of security.

Having software that is not up to date on servers is a risky move.  In 2019, phpMyAdmin has been the target of random attacks from botnets.

PLEASE_READ.WARNING Attack

This attack deletes all the databases it finds and replaces them with a table name WARNING containing “To recover your lost data SEND BTC”.  There are serveral variations that may ask for different BTC sums or have a different database name.

It appears that the attacker only deletes the data and there isn’t a way to recover them from the attacker, but this may be different from case to case. One of the people that have first detected the attack has written a detailed description.

A database exploited by this attack will look like the picture below.

SQL ATACK

PLEASE_READ_ME_XMG database created by the attacker.

 

In this tutorial we’ll learn how to manually update phpMyAdmin to the latest version, change phpMyAdmin default access URL and add an authentication gateway that requires an extra set of credentials before logging in. This tutorial is aimed at phpMyAdmin running with Apache Web Server on Ubuntu 18.04

How to Update phpMyAdmin to the latest Version

First, install phpMyAdmin from the official Ubuntu repositories:

Now, change directory into /usr/share:

Remove the phpMyAdmin directory:

Use wget to download the latest phpMyAdmin version. You can find the packages with the latest version here phpMyAdmin – Downloads.

The current latest version at the time of writing is 4.8.5, so we’ll download that one:

Next, unzip it:

Finally we rename the unzipped folder phpMyAdmin-4.8.5-english to phpmyadmin:

IMPORTANT

If you log into phpMyAdmin now, you’ll see two errors:

To fix the first error, just run the following:

Now you’ll have to add a Blowfish Secret in config.inc.php. To do this, visit the following link to generate a Blowfish Secret https://www.motorsportdiesel.com/tools/blowfish-salt/pma/. Copy the secret so we can paste it into config.inc.php.

When you’ve copied it, open the file config.inc.php:

And paste in the Blowfish Secret – you’ll notice the section right away. In my case right now, it’s t&GeQ>FhO@sG]/b*&Y9lVG1mh\UQ3CYP

Credit goes to user CRIMSON 501 from askubuntu.com for the Blowfish Secret generator made especially for phpMyAdmin.

Here’s how the section should look after you’ve pasted it in:

Save and close the file.

Lastly, we need to create a tmp directory for phpMyAdmin and give Apache ownership over it:

Well done. You’ve not upgraded your phpMyAdmin to the latest version.

Changing Default phpMyAdmin Location

As attackers will probe for common locations on any software they’re trying to hack, we’ll change the default path

http://domain_or_IP/phpmyadmin

to

https://domain_or_IP/somethingunexpected

To change the phpMyAdmin default access URL on Ubuntu 18.04, open /etc/apache2/conf-enabled/phpmyadmin.conf using your favorite text editor:

Among first lines ( line 3 ) you’ll see:

Change it to something unexpected like:

Restart Apache:

Now you should be able to access phpMyAdmin by visiting:

Add Auth Gateway to phpMyAdmin

As an additional layer of security, we can add a popup that requires an extra login, before our usual phpMyAdmin login.

To do this on Ubuntu 18.04, open the Apache configuration file and add these lines to it:

To give you a complete example, here’s how mine looks after adding the lines:

Save and close the file when you’re done.

Now use htpasswd to generate a password file for an account that will be allowed to access the phpMyAdmin login page on Ubuntu 18.04. I’ll use the username dracula, but you can use anything you want:

You’ll be prompted to create a password and enter it again to confirm it.

Finally we’ll change the permissions for the file, to prevent anyone not in the www-data or apache group from being able to access it:

And you’re done.

Now you can go to your phpMyAdmin access URL and you should be prompted for the extra credentials.

After changing the phpMyAdmin access URL and added the extra authentication gateway, here’s how it looks like:

phpMyAdmin_auth_gateway

Conclusion

Well done. You’ve learned how to manually upgrade phpMyAdmin and add 2 extra layers of security to your phpMyAdmin installation.


Vlad

Tech Support

Leave a Comment

LIMITED TIME SPECIAL 💀

Enter your email below to get 20% OFF on any of our Linux VPS plans and receive weekly deals on our services!