Setting up fail2ban to ban failed phpMyAdmin login attempts
Solution 1
I've used a combination of .htaccess
and a simple php
script to provide a solution I find acceptable:
.htaccess
php_value auto_prepend_file /path/to/fail2ban.php
fail2ban.php
- Detects presence of
$_REQUEST['pma_{username|password']
- Validates
pma_{username|password}
against themysql
.user
table - Logs an error (format below) if the details are invalid
Log format
phpMyadmin login failed with username: root; ip: 192.168.1.50; url: http://somedomain.com/phpmyadmin/index.php
phpMyadmin login failed with username: ; ip: 192.168.1.50; url: http://192.168.1.48/phpmyadmin/index.php
This solution is suitable for me as I can easily integrate it into the bash
script I've put together to smooth configuration of fail2ban
across our servers.
Thanks to all who provided possible solutions!
As a follow-up, I have opened a question about issues I've run into creating a custom fail2ban
filter to watch & act on this new log file: Custom fail2ban Filter for phpMyadmin bruteforce attempts.
Solution 2
I think the best way (and in my opinion the less dangerous) to use phpMyAdmin is to not open phpMyAdmin directly on public IP but to listen only on internal IP or loopback and make a SSH tunnel to connect to it using a local port on the machine you want to work with phpMyAdmin. This way the sensible autentication is controlled by SSH (and already blocked by fail2ban).
Solution 3
We protect phpmyadmin by adding apache htaccess ldap authentication (or file authentication) for the phpmyadmin location. You have to type the password twice, but failed login attempts are recognized by fail2ban.
[http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/][1]
Related videos on Youtube
Rauf P
Updated on September 18, 2022Comments
-
Rauf P over 1 year
contrller:News.php This is my controller News
<?php class News extends CI_Controller { public function __construct() { } public function getShowIN_News() { return $result; } } ?>
contrller:Category.php This is my controller Category
<?php class Category extends CI_Controller { public function __construct() { } public function category() { require('news.php'); $test = new News(); $data["headlines"] = $test->getShowIN_News(); } }?>
-
Nishant Nair about 7 yearswhere are you using session in above controller?
-
Mr. ED about 7 years
-
-
Michael Robinson over 11 yearsThanks for the answer. I agree that your suggestion is likely the most secure, but I'm not in a position where I can implement this right now. I'm interested in finding if there there is a way for me to use
fail2ban
to block bad access attempts tophpMyAdmin
without modifyingphpMyAdmin
too much. -
Michael Robinson over 11 yearsThanks for your answer! I have solved my problem in a different way.
-
Michael Robinson over 11 yearsThanks for your answer! I have solved my problem in a different way.
-
Rauf P about 7 yearsThen, how can i do this. i want call getShowIN_News() in category controller.
-
Narf about 7 yearsYou can't and you shouldn't. If you need to reuse that code, it doesn't belong in a controller ... put it in a model.