Setting up fail2ban to ban failed phpMyAdmin login attempts

security logging fail2ban

428

Solution 1

I've used a combination of .htaccess and a simple php script to provide a solution I find acceptable:

.htaccess

php_value auto_prepend_file /path/to/fail2ban.php

fail2ban.php

Detects presence of $_REQUEST['pma_{username|password']
Validates pma_{username|password} against the mysql.user table
Logs an error (format below) if the details are invalid

Log format

phpMyadmin login failed with username: root; ip: 192.168.1.50; url: http://somedomain.com/phpmyadmin/index.php
phpMyadmin login failed with username: ; ip: 192.168.1.50; url: http://192.168.1.48/phpmyadmin/index.php

This solution is suitable for me as I can easily integrate it into the bash script I've put together to smooth configuration of fail2ban across our servers.

Thanks to all who provided possible solutions!

As a follow-up, I have opened a question about issues I've run into creating a custom fail2ban filter to watch & act on this new log file: Custom fail2ban Filter for phpMyadmin bruteforce attempts.

Solution 2

I think the best way (and in my opinion the less dangerous) to use phpMyAdmin is to not open phpMyAdmin directly on public IP but to listen only on internal IP or loopback and make a SSH tunnel to connect to it using a local port on the machine you want to work with phpMyAdmin. This way the sensible autentication is controlled by SSH (and already blocked by fail2ban).

Solution 3

We protect phpmyadmin by adding apache htaccess ldap authentication (or file authentication) for the phpmyadmin location. You have to type the password twice, but failed login attempts are recognized by fail2ban.

[http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/][1]

428

Rauf P

Updated on September 18, 2022

Comments

Rauf P over 1 year

contrller:News.php This is my controller News

<?php class News extends CI_Controller {
public function __construct()
{
}
public function getShowIN_News()
{
    return $result;
} } ?>

contrller:Category.php This is my controller Category

<?php class Category extends CI_Controller {
public function __construct()
{
}
public function category()
{
    require('news.php');
    $test = new News();
    $data["headlines"] = $test->getShowIN_News();
} }?>

Nishant Nair about 7 years

where are you using session in above controller?
Mr. ED about 7 years

codeigniter.com/user_guide/general/controllers.html and codeigniter.com/user_guide/general/…

Michael Robinson over 11 years

Thanks for the answer. I agree that your suggestion is likely the most secure, but I'm not in a position where I can implement this right now. I'm interested in finding if there there is a way for me to use fail2ban to block bad access attempts to phpMyAdmin without modifying phpMyAdmin too much.
Michael Robinson over 11 years

Thanks for your answer! I have solved my problem in a different way.
Michael Robinson over 11 years

Thanks for your answer! I have solved my problem in a different way.
Rauf P about 7 years

Then, how can i do this. i want call getShowIN_News() in category controller.
Narf about 7 years

You can't and you shouldn't. If you need to reuse that code, it doesn't belong in a controller ... put it in a model.