phpMyAdmin is a popular database management system. If the password is too simple, attackers can crack it, log on to the system, and perform high-risk malicious database operations, such as additions, deletions, and modifications. This can lead to data leakage or severely compromise the security of your network.
Under common business requirements, database management backends serve only specific users, such as database administrators and developers. Making access available to the public may lead to serious data leakage. Therefore, we recommend that you reinforce the security of the phpMyAdmin management console after deployment.
Restrict visitor IP access to phpMyAdmin.
You can use the Security Group Firewall Policy provided by ECS to restrict visitor IP addresses and avoid unnecessary access to the database management backend.
By default, phpMyAdmin provides an access control feature, and the detailed configuration is as follows:
Enter the phpMyAdmin directory and find config.inc.php. If it does not exist, copy config.sample.inc.php in the root directory to config.inc.php.
Edit config.inc.php and add the following lines. Only the IP address 192.168.0.1 can then access phpMyAdmin, and the message Access denied is displayed to unauthorized users.
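// Allow only the exact address 192.168.0.1. A string-prefix comparison would
// also admit 192.168.0.10-19 and 192.168.0.100-199.
$allowed_ip = '192.168.0.1';
if ($_SERVER['REMOTE_ADDR'] !== $allowed_ip) die('Access denied');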
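The same restriction extended to a list of exact hosts and CIDR ranges, as an added example that is not from the original page or from phpMyAdmin itself. It goes beyond the single-address case above by comparing parsed addresses rather than strings; pma_ip_allowed(), $allowlist and the sample addresses are assumptions.

```php
<?php
// Added example, not phpMyAdmin code. pma_ip_allowed() and $allowlist are
// hypothetical names; the addresses below are constructed samples.
function pma_ip_allowed(string $remote, array $allowlist): bool
{
    $addr = @inet_pton($remote);
    if ($addr === false) {
        return false;                      // unparsable client address: deny
    }
    $max = strlen($addr) * 8;              // 32 for IPv4, 128 for IPv6
    foreach ($allowlist as $entry) {
        // "192.168.0.1" is a single host, "203.0.113.0/28" a network.
        $parts = explode('/', $entry, 2);
        $net   = @inet_pton($parts[0]);
        if ($net === false || strlen($net) !== strlen($addr)) {
            continue;                      // malformed entry or other IP family
        }
        if (isset($parts[1]) && !ctype_digit($parts[1])) {
            continue;                      // never treat a bad length as /0
        }
        $bits = isset($parts[1]) ? (int) $parts[1] : $max;
        if ($bits > $max) {
            continue;                      // prefix length out of range
        }
        $full = intdiv($bits, 8);          // whole bytes that must be equal
        $rem  = $bits % 8;                 // leftover bits in the next byte
        if (substr($addr, 0, $full) !== substr($net, 0, $full)) {
            continue;
        }
        $mask = (0xFF << (8 - $rem)) & 0xFF;
        if ($rem === 0 || (ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask)) {
            return true;
        }
    }
    return false;
}

$allowlist = ['192.168.0.1', '203.0.113.0/28'];
if (PHP_SAPI === 'cli') {
    // Offline demonstration over constructed client addresses.
    foreach (['192.168.0.1', '192.168.0.10', '192.168.0.100', '203.0.113.14', '203.0.113.16'] as $ip) {
        echo $ip, ' => ', pma_ip_allowed($ip, $allowlist) ? 'allowed' : 'denied', PHP_EOL;
    }
} elseif (!pma_ip_allowed($_SERVER['REMOTE_ADDR'] ?? '', $allowlist)) {
    http_response_code(403);
    die('Access denied');
}
```

If phpMyAdmin sits behind a reverse proxy or load balancer, REMOTE_ADDR is the proxy's address, so enforce the restriction at the proxy or in the security group instead.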
A complex password can effectively prevent brute-force password cracking attacks. The newly set password takes effect immediately, without a restart.
Refine authorization for database accounts according to user roles to prevent O&M risks.
For more information, see MySQL Service Security Document - Authorization section.
Alibaba Cloud Security Situational Awareness supports detection and warnings for vulnerabilities. We recommend enabling basic Situational Awareness in the console to receive real-time detection and notifications about security vulnerabilities so that they can be mitigated.