First, let’s change the address used to access phpMyAdmin. By default, it’s ser.ver.ip/phpmyadmin.
I’ve copied the original phpMyAdmin Apache config file so I can customize it as I want and still have the original one in case mine is broken:

```
sudo cp /etc/phpmyadmin/apache.conf /etc/phpmyadmin/apache-custom.conf
```

At the top of the custom file, change the third line, `Alias /phpmyadmin /usr/share/phpmyadmin`, to something else, like `Alias /phpthisismine /usr/share/phpmyadmin`.
Now, I don’t know how your Apache is set up to take the phpMyAdmin configuration file into account. On my server, it wasn’t added automatically, so I’ve added it myself in /etc/apache2/apache2.conf. At the bottom, just add `Include /etc/phpmyadmin/apache-custom.conf`.
Now, in order to deal with those stupid bots, if they ever find the URL, it would be nice to have fail2ban take care of those f*ckers. The problem is, phpMyAdmin doesn’t log any failed login attempt (bummer !).
Well actually, this is what I found:
phpMyAdmin uses php’s apache_note function to make this work. AFAIK this function is only available in mod_php mode. This will not work with mod_fcgi & co.
And I’m using php-fpm so I need to modify phpMyAdmin to log failed attempts. Let’s edit /usr/share/phpmyadmin/libraries/plugins/auth/AuthenticationCookie.class.php (I know, that’s bad, but what can I do ?).
Find the authFails() function and inside, right after the last header() call, add `error_log('phpmyadmin: authentification failed');`

A failed login now shows up in the Apache error log:

```
[Wed Jan 18 06:56:33.915985 2017] [:error] [pid 12423:tid 140093452912384] [client 99.99.99.99:64335] FastCGI: server "/usr/lib/cgi-bin/php" stderr: PHP message: phpmyadmin: authentification failed, referer: http://88.88.88.88/phpthisismine/index.php
```
Hell yeah.
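Now let’s set up fail2ban. Create the file /etc/fail2ban/filter.d/apache-phpmyadmin.conf with the following content:

```
[Definition]
# The .* after the client field skips the 'FastCGI: server ... PHP message:' prefix seen in the log line above
failregex = .*\[client <HOST>:[0-9]+\] .*phpmyadmin: authentification failed.*
ignoreregex =
```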
Now edit your local fail2ban configuration file (mine is /etc/fail2ban/jail.local) and add:

```
[apache-phpmyadmin]
enabled = true
filter = apache-phpmyadmin
port = http,https
logpath = %(apache_error_log)s
```
Reload fail2ban with `sudo service fail2ban reload` and you’re all set!
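An added example (not part of the original post): a Python check of two failregex variants against the error-log line shown above, to confirm which one catches the php-fpm format before relying on the jail. The `<HOST>` expansion is simplified to IPv4, and every log line except the first, as well as the `maxretry` value, is constructed for the example.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Variant that expects the message right after the client field.
STRICT = r".*\[client <HOST>:[0-9]+\] phpmyadmin: authentification failed.*"
# Variant that also allows a prefix such as 'FastCGI: server ... PHP message:'.
TOLERANT = r".*\[client <HOST>:[0-9]+\] .*phpmyadmin: authentification failed.*"

SAMPLE_LOG = [
    # Line from the post.
    '[Wed Jan 18 06:56:33.915985 2017] [:error] [pid 12423:tid 140093452912384] '
    '[client 99.99.99.99:64335] FastCGI: server "/usr/lib/cgi-bin/php" stderr: '
    'PHP message: phpmyadmin: authentification failed, '
    'referer: http://88.88.88.88/phpthisismine/index.php',
    # Constructed: second failure from the same client, same format.
    '[Wed Jan 18 06:56:41.102233 2017] [:error] [pid 12423:tid 140093452912384] '
    '[client 99.99.99.99:64340] FastCGI: server "/usr/lib/cgi-bin/php" stderr: '
    'PHP message: phpmyadmin: authentification failed, '
    'referer: http://88.88.88.88/phpthisismine/index.php',
    # Constructed: unrelated error that must not count as a login failure.
    '[Wed Jan 18 06:57:02.000111 2017] [:error] [pid 12424:tid 140093452912385] '
    '[client 77.77.77.77:5001] File does not exist: /var/www/html/setup.php',
    # Constructed: failure logged without the FastCGI prefix.
    '[Wed Jan 18 06:58:10.000222 2017] [:error] [pid 12425:tid 140093452912386] '
    '[client 66.66.66.66:40000] phpmyadmin: authentification failed',
]

def offenders(failregex, lines):
    """Count matching lines per client IP, the way a jail counts failures."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    counts = {}
    for line in lines:
        match = pattern.search(line)
        if match:
            counts[match.group("host")] = counts.get(match.group("host"), 0) + 1
    return counts

def banned(counts, maxretry):
    """IPs whose failure count reaches maxretry (value chosen by the caller)."""
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, rx in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, offenders(rx, SAMPLE_LOG))
```

On the server itself, `fail2ban-regex <error log> /etc/fail2ban/filter.d/apache-phpmyadmin.conf` runs the installed filter against the real log and reports how many lines matched.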
Nice! I couldn’t find the authFails() function as fast as I googled it. I can’t believe there isn’t a plugin or native support for this in phpmyadmin.