{"id":7386,"date":"2023-02-28T07:12:10","date_gmt":"2023-02-28T13:12:10","guid":{"rendered":"https:\/\/www.knownhost.com\/kb\/?p=7386"},"modified":"2026-01-23T06:31:57","modified_gmt":"2026-01-23T12:31:57","slug":"preventing-phpmyadmin-bruteforcing-directadmin","status":"publish","type":"post","link":"https:\/\/www.knownhost.com\/kb\/preventing-phpmyadmin-bruteforcing-directadmin\/","title":{"rendered":"Prevent PHPMyAdmin Bruteforcing in DirectAdmin By Restricting Its Access"},"content":{"rendered":"\n

It is quite common to see automated attempts to locate PHPMyAdmin URLs for the purpose of bruteforcing when perusing the webserver access logs and domain logs. You can eliminate the threat of attacker success by restricting access to PHPMyAdmin to the panel only. This will require that a user is already logged into the DirectAdmin panel before they can access PHPMyAdmin.<\/p>\n\n\n\n

This is beneficial for multiple reasons, the primary being that it limits the angle of attack on the phpMyAdmin installation as provided by DirectAdmin. While at the same time, making it easier for you or your users to access phpMyAdmin as it involves enabling SSO (Single Sign On).<\/p>\n\n\n\n

We’ll be configuring this with the following. This will be done over SSH so if you need to know how to access your server read our “How to connect with SSH<\/a>” guide.<\/p>\n\n\n\n

  cd \/usr\/local\/directadmin\/\r\n  .\/directadmin set one_click_pma_login 1 restart\r\n  cd custombuild\r\n  .\/build update\r\n  .\/build set phpmyadmin_public no\r\n  .\/build phpmyadmin<\/code><\/pre>\n\n\n\n
With this set, the following is now true:<\/p>\n\n\n\n