29 April 2019

Protect phpMyAdmin to avoid data loss

Malicious users hack phpMyAdmin, delete databases and demand a ransom for their return. A few of our users have already suffered from such an attack. Here we will describe how to protect yourself.

phpMyAdmin is a free web application for managing MySQL databases. The tool is popular all over the world, which makes it a target for hackers. They launch massive automated attacks that exploit application security vulnerabilities. Any phpMyAdmin user can become a victim of these attacks.

Our customers experienced the “PLEASE_READ.WARNING” attack. The attack usually goes this way: a bot finds a phpMyAdmin URL and guesses the password for the root user. Once the bot has access to the application, it deletes all user databases and leaves a single database named “PLEASE_READ.WARNING”. That database contains just one table with a message in which the hackers offer to send you a copy of the removed data for 0.2 Bitcoin (approximately $200).

This is what a hacked database looks like

How to protect a website

Disable root user access. The root user has maximum access rights, which is why hackers try to guess its password first.

To disable the access:

  1. On your server find and open the file /etc/phpMyAdmin/config.inc.php;
  2. Find the line: $cfg['Servers'][$i]['AllowRoot'] = TRUE;
  3. Replace it with: $cfg['Servers'][$i]['AllowRoot'] = FALSE;
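
The following check is an added example, not part of the original article or of ISPmanager or phpMyAdmin. It reports the effective AllowRoot value in a config file, ignoring commented-out lines, and tests a list of database names for the “PLEASE_READ.WARNING” marker described above. The function names allowroot_state and has_ransom_marker are hypothetical, and the sample config and database list are constructed.

```sh
#!/bin/sh
# Added example (not from the original article); all sample data is constructed.

# Print the effective AllowRoot setting in a phpMyAdmin config file:
#   disabled | enabled | unset | unknown
allowroot_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    # Strip //, # and one-line /* */ comments so commented-out lines are
    # ignored, then keep the LAST assignment: PHP runs the file top to
    # bottom, so a later line overrides an earlier one.
    val=$(sed -e 's://.*$::' -e 's:#.*$::' -e 's:/\*.*\*/::g' "$cfg" |
        grep -E "\[['\"]AllowRoot['\"][]][[:space:]]*=" |
        tail -n 1 |
        sed -E 's/.*=[[:space:]]*([A-Za-z0-9]+).*/\1/' |
        tr '[:upper:]' '[:lower:]')
    case $val in
        false|0) echo disabled ;;
        true|1)  echo enabled ;;
        '')      echo unset ;;    # no setting: phpMyAdmin's default allows root
        *)       echo unknown ;;
    esac
}

# Read database names on stdin, one per line (for example the output of
# mysql -N -e 'SHOW DATABASES'), and succeed if the ransom marker is present.
has_ransom_marker() {
    grep -Fxq 'PLEASE_READ.WARNING'
}

# Demonstration on constructed input: the fix is commented out, so root
# login is still enabled.
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
<?php
// $cfg['Servers'][$i]['AllowRoot'] = FALSE;
$cfg['Servers'][$i]['AllowRoot'] =TRUE;
EOF
    echo "AllowRoot: $(allowroot_state "$tmp")"
    rm -f "$tmp"
    if printf 'information_schema\nPLEASE_READ.WARNING\n' | has_ransom_marker; then
        echo "ransom marker database present"
    fi
}
demo
```

On a real server, pass /etc/phpMyAdmin/config.inc.php to allowroot_state; anything other than "disabled" means the step above has not taken effect.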

Change the phpMyAdmin access URL. By default, it is the same for everyone (https://yourdomain/phpmyadmin), which is why bots find it easily. Change the access URL to something only you know.

Create a safe password. Hackers get access to the application by guessing the password with a brute-force method. To make guessing harder, create a password of 8 symbols or more, using any combination of letters, numbers, and other valid characters (ASCII characters). A password generation service can help.

Make backups regularly. This doesn’t protect you from the attack, but in case of data loss you won't have to pay a ransom, because you will be able to recover your data from your backups. To read more about ISPmanager backups, see our documentation.

Keep your software up to date. Developers are continuously working on vulnerability fixes, so you need to run the current version of each application. The same applies to the operating system. To update phpMyAdmin, use the instructions for your operating system.