Answer the question
In order to leave comments, you need to log in
Is it possible to secure PHPMyAdmin on the server this way?
For convenient database editing, I use a subdomain like phpma.mydomain.ru . I don't know about subdomains, but bots with this name, as I read, scan and then try to hack the site through phpma.
I can’t restrict access to the folder by IP, because I have it dynamic, but I have an idea: make a subdomain like: phpma_blablabla.mydomain.com (random name so that bots don’t find it)
The question arises: is the information publicly available? about subdomains? By the way, in the DNS records of the domain there is a redirect *.mydomain.ru to the IP of my VDS. In my case, is it better to leave it like this or write an A-record for each subdomain?
Answer the question
In order to leave comments, you need to log in
Rename first. Second, add basic authentication to the phpmyadmin folder in addition to the authorization built into it. Sometimes you can configure it directly in the hosting panel or google how to do it manually: "basic http authentication".
Also, instead of phpmyadmin, you can use adminer. It is 1 file that can be uploaded via FTP anywhere and, as far as I remember, for authorization it requires, in addition to the login and password, to enter the name of the database.
https://www.administrator.org/
basic auth will save the father of Russian democracy.
And do https, it’s very unsafe to drive plain-text over the entire database over the Internet.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question