How to restrict access to your phpmyadmin

I went through the Apache logs on my web server and saw some access requests to my phpMyAdmin page.

It’s probably a good idea to restrict access to this web-based SQL admin interface (in case there is an exploit, I don’t want somebody to use it on this).

How to make phpmyadmin a bit more secure

sudo vi /etc/phpmyadmin/apache.conf
or
sudo nano /etc/phpmyadmin/apache.conf

Below the lines

Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>

add this:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/24

This lets the VM itself (127.0.0.1) access /phpmyadmin, as well as any client with an IP address on the 192.168.0.0/24 network. Everything else is denied.

Also, in the Alias line where it first says /phpmyadmin, change this to something else, like “Alias /youcannotguessthis /usr/share/phpmyadmin”, and it will be a lot harder for automatic scanners to find it.
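To confirm from the access log that the restriction is actually in effect, here is an added example (not part of the original post) that finds requests for the alias coming from outside the allowed networks and separates the ones Apache denied (403) from the ones it still served. The log lines are constructed samples, and the function names are made up for this sketch.

```python
import ipaddress
import re

# Networks from the Allow lines above; everything else should be denied.
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "192.168.0.0/24")]
ALIAS = "/phpmyadmin"  # set this to the new name if you changed the Alias

# Apache common/combined format: client ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.168.0.17 - - [10/Jul/2011:09:12:01 +0200] "GET /phpmyadmin/index.php HTTP/1.1" 200 8123
203.0.113.45 - - [10/Jul/2011:09:14:22 +0200] "GET /phpmyadmin/ HTTP/1.1" 403 498
198.51.100.7 - - [10/Jul/2011:09:15:40 +0200] "GET /phpmyadmin/index.php?lang=en HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jul/2011:09:15:41 +0200] "GET /blog/ HTTP/1.1" 200 20412
"""


def is_allowed(ip):
    """True if the client address falls inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or junk in the client field
        return False
    return any(addr in net for net in ALLOWED)


def review(log_text, alias=ALIAS):
    """Split outside-network requests for the alias into (denied, served)."""
    denied, served = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if path != alias and not path.startswith(alias + "/"):
            continue
        if is_allowed(m.group("ip")):
            continue
        hit = (m.group("ip"), path, int(m.group("status")))
        (denied if hit[2] == 403 else served).append(hit)
    return denied, served


if __name__ == "__main__":
    denied, served = review(SAMPLE_LOG)
    print("denied by the rule:", denied)
    print("served to outside addresses (rule not effective):", served)
```

Anything in the second list means the Deny/Allow lines are not being applied to that path, for example because Apache was not reloaded after the edit.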

Here is some more information.

Upgrade WordPress 3.x

Hi!

If your web host is running PHP in safe mode then you may run into some issues; for example, you cannot do the upgrade of WP automagically via the admin interface and neither can you upgrade plugins manually, which is a hassle.

To do the upgrade follow this guide:

http://codex.wordpress.org/Upgrading_WordPress_Extended

I went from 3.0.4 to 3.1
and from 3.1 to 3.1.3
and from 3.1.3 to 3.2

The way I do it is like this:

  1. Download your blog (in my case /blog) to your local machine.
  2. Make a backup of your MySQL database (via phpMyAdmin in my case). A good idea is to delete spam comments before you do this; it saves a few bytes.
  3. Download and extract the latest WordPress on your local machine.
  4. In the directory where you extracted the new wordpress files, remove the directories that you are supposed to keep (mentioned in red text in the guide/link above and in #6 below).
  5. Copy over the files from your blog that you are supposed to keep, get them from where you downloaded the new files to your local machine.
  6. In my case the things I needed to copy were: wp-config.php, the folders under wp-content – and their content,  .htaccess
  7. The rest did not apply to me, as I did not have the cache, wp-images, plugins/widget and not using special language or special robots.txt
  8. On your web-host, rename the folder of your blog (I have mine under /blog)
  9. Upload the new directory from your local machine (the new one where you have copied in the things you needed to keep).
  10. Surf to /wp-admin
  11. Click upgrade db
  12. Take this opportunity to update any plugins you have that are out of date.
  13. I did not have to alter my permalinks, the setting was the same (%postname%) and the links are still working.
  14. Done!

If you do run into problems this way, check out the forums for some assistance.

There are things you can use to make this a lot faster.
For example maybe a lot of files aren’t different between the versions.
If you don’t do a backup, or maybe if you don’t upload the whole new directory, that will save you lots of time.

Some ftp-clients (flashfxp for example) have what’s called a skip-list where you can specify that files with the exact same size should not be over-written but skipped.

– What I did last time was to just download 3.2. Extract the archive. Remove the wp-content. Upload and overwrite the files on the web host. Tada. Not so complicated at all :)

Install Drupal 7 in Debian 6

Time for another go!

Drupal is ..

.. a pretty famous and widely used CMS out there – so here we go ->

1. Get sudo configured on Debian. Sucks to have to log on as root all the time when installing apps etc.

2. Download and untar Drupal 7

3. Read INSTALL.TXT

Requirements:

– A web server. Apache (version 2.0 or greater) is recommended.
– PHP 5.2.4 (or greater) (http://www.php.net/).
– One of the following databases:
– MySQL 5.0.15 (or greater) (http://www.mysql.com/).

“sudo apt-get install lamp-server^” does not work in Debian 6 :/

Following this guide instead.

  1. aptitude update  and then upgrade (maybe not necessary because I used apt-get.. why have two??)
  2. sudo apt-get install mysql-server mysql-client (in Debian 6 you put in sql root user password during install)
  3. sudo apt-get install apache2 php5 php5-mysql libapache2-mod-php5 phpmyadmin
  4. Surf to http://ip/phpmyadmin and log on to the mysql db – does it work? yay!
  5. Create the Drupal db – see INSTALL.mysql.txt – basically this just tells you to create a database and a user. It asks you to do this via manual SQL queries, but we have phpMyAdmin, so we just have to: 1. click on databases and create a new one; 2. after that, click on privileges and create a new user; 3. just type in username and password, and leave the rest at the defaults.
  6. Copy extracted files to your www directory. Beware of rights, use chmod and possibly chown. /var/www/ is the default directory.
  7. Surf to http://ip/drupal (where install.php is)
  8. Standard setting
  9. Then it complains that it doesn’t have access. Because I had to set chmod 777 on the ‘sites’ directory under /drupal.
  10. Then I need to copy a file and make it writeable, just doing what the script tells me to.
  11. Configure the database settings.
  12. Now you can remove write access permissions on the sites/default directory and sites/default/settings.php
  13. Put in contact and admin accounts stuff.
  14. Done! Wow, that was easy :)
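A check for the permissions touched in steps 9 to 12, as an added example that is not part of the original post: it lists everything under the sites directory that is still world-writable after the install and can clear just that bit. The default path is an assumption based on the /var/www/ and /drupal locations mentioned above, and the function names are made up for this sketch.

```python
import os
import stat
import sys

# Assumed location: the post copies Drupal under /var/www/ and browses to /drupal.
DEFAULT_ROOT = "/var/www/drupal/sites"


def world_writable(root):
    """Return sorted paths (relative to root) that any local user can write to."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not enforced on Linux
            if mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def drop_other_write(root, relpaths):
    """Clear only the other-write bit on the given paths; return what is still writable."""
    for rel in relpaths:
        path = os.path.join(root, rel)
        os.chmod(path, stat.S_IMODE(os.lstat(path).st_mode) & ~stat.S_IWOTH)
    return world_writable(root)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_ROOT
    for rel in world_writable(root):
        print("world-writable:", os.path.join(root, rel))
```

A directory left at 777 from step 9 shows up here as "." or as its relative path; settings.php should not appear once step 12 is done.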

So much to do in there!
I will have to get back about this in another post :)