Secure phpMyAdmin From Brute Force Attacks on CWP (CentOS Web Panel) and VestaCP on CentOS

In this tutorial we’ll add an extra layer of security to phpMyAdmin in order to stop brute force and dictionary attacks. In some rare cases a hacker gets into your databases simply by brute forcing the phpMyAdmin login, and may then alter or delete all of your databases. To reduce this security risk we’re going to integrate Google reCAPTCHA v2 into phpMyAdmin, which will stop attacks from bad robots and bad users: they will not be able to brute force the login because the captcha needs to be solved first. Google reCAPTCHA is the best free option to date.

Step 1 :

Go to the Google reCAPTCHA page to retrieve a site key and a secret key:

Add/Register a new site :

Enter the server IP, hostname or domain you want to access phpMyAdmin with, then hit the Register button. You will now see the site key and the secret key; copy these keys, we’ll need them in step 2 :

For wildcard permission, go to Advanced Settings >> Domain Name Validation and uncheck "Verify the origin of reCAPTCHA solutions". You can then access phpMyAdmin with any domain and IP on the server, which is useful if you have many domains and IPs hosted on the server and want to access phpMyAdmin from all of them.

Step 2 :

CWP Centos WebPanel :

In CWP (CentOS Web Panel), phpMyAdmin is located in /usr/local/cwpsrv/var/services/pma/

Commands :

cd /usr/local/cwpsrv/var/services/pma/

Then we need to create the phpMyAdmin config file by copying the sample config :

cp config.sample.inc.php config.inc.php

After that, edit the config.inc.php file and add the lines mentioned below :

nano config.inc.php

Now add these lines at the end of the file, or wherever you prefer to place them :

$cfg['CaptchaLoginPublicKey'] = '6Le0u0MUAAAAAIBXeZunSpZ14hw6pL1PnfyCXz73';
$cfg['CaptchaLoginPrivateKey'] = '6Le0u0MUAAAAAPx4SBxRFzaZIqvW7d1z80FD53BB';

where :
$cfg['CaptchaLoginPublicKey'] = 'Site key'
$cfg['CaptchaLoginPrivateKey'] = 'Secret key'

VestaCP Centos 7 :

Edit the phpMyAdmin config file shown below and add the lines mentioned below :

nano /usr/share/phpMyAdmin/libraries/config.default.php

Now search for these lines and fill in the site key and secret key you retrieved from Google reCAPTCHA :

$cfg['CaptchaLoginPublicKey'] = '6Le0u0MUAAAAAIBXeZunSpZ14hw6pL1PnfyCXz73';
$cfg['CaptchaLoginPrivateKey'] = '6Le0u0MUAAAAAPx4SBxRFzaZIqvW7d1z80FD53BB';

where :
$cfg['CaptchaLoginPublicKey'] = 'Site key'
$cfg['CaptchaLoginPrivateKey'] = 'Secret key'

e.g. :

/**
 * if reCaptcha is enabled it needs public key to connect with the service
 *
 * @global string $cfg['CaptchaLoginPublicKey']
 */
$cfg['CaptchaLoginPublicKey'] = '6Le0u0MUAAAAAIBXeZunSpZ14hw6pL1PnfyCXz73';

/**
 * if reCaptcha is enabled it needs private key to connect with the service
 *
 * @global string $cfg['CaptchaLoginPrivateKey']
 */
$cfg['CaptchaLoginPrivateKey'] = '6Le0u0MUAAAAAPx4SBxRFzaZIqvW7d1z80FD53BB';

Save the config file. That’s all: you’ve enabled the captcha as an extra layer of security for phpMyAdmin.
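
One way to confirm the edit took effect, as an added example that is not part of the original tutorial or of phpMyAdmin: phpMyAdmin only uses the captcha when both settings are non-empty, and pasting the site key into both settings leaves the secret key missing. The function names and the placeholder keys below are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not phpMyAdmin code): check the reCAPTCHA settings in a config file.

# Print the value of the last uncommented $cfg['<name>'] = '...'; line in file $2.
pma_cfg_value() {
    q="['\"]"   # accept either quote style
    sed -n "s/^[[:space:]]*\\\$cfg\\[$q$1$q][[:space:]]*=[[:space:]]*$q\\([^'\"]*\\)$q.*/\\1/p" "$2" |
        tail -n 1
}

# Return 0 only when both keys are set, non-empty and different from each other.
check_pma_captcha() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    pub=$(pma_cfg_value CaptchaLoginPublicKey "$1")
    priv=$(pma_cfg_value CaptchaLoginPrivateKey "$1")
    if [ -z "$pub" ] || [ -z "$priv" ]; then
        echo "$1: captcha not active, both keys must be non-empty" >&2
        return 1
    fi
    if [ "$pub" = "$priv" ]; then
        echo "$1: same value in both settings, secret key is missing" >&2
        return 1
    fi
    echo "$1: site key and secret key are both set"
}

# Constructed sample configs (placeholder keys), written to a temp dir for a dry run.
pma_captcha_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' "\$cfg['CaptchaLoginPublicKey'] = 'SITE-KEY-PLACEHOLDER';" \
                  "\$cfg['CaptchaLoginPrivateKey'] = 'SECRET-KEY-PLACEHOLDER';" > "$d/good.php"
    printf '%s\n' "\$cfg['CaptchaLoginPublicKey'] = 'SITE-KEY-PLACEHOLDER';" \
                  "\$cfg['CaptchaLoginPrivateKey'] = 'SITE-KEY-PLACEHOLDER';" > "$d/dup.php"
    check_pma_captcha "$d/good.php" && good=0 || good=$?
    check_pma_captcha "$d/dup.php" 2>/dev/null && dup=0 || dup=$?
    rm -rf "$d"
    [ "$good" -eq 0 ] && [ "$dup" -eq 1 ]
}

# With a path argument, check that file, e.g. the CWP config.inc.php from this page.
if [ "$#" -gt 0 ]; then check_pma_captcha "$1"; fi
```

Run it with the path of the file you edited in step 2; an exit status of 1 means the captcha keys are not usable as written.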
