How can I protect phpMyAdmin against brute force attacks?
If you use the Apache web server, phpMyAdmin exports information about authentication to the Apache environment, where it can be used in Apache logs. Currently there are two variables available:
userID
- User name of currently active user (they do not have to be logged in).
userStatus
- Status of currently active user, one of ok (user is logged in), mysql-denied (MySQL denied user login), allow-denied (user denied by allow/deny rules), root-denied (root is denied in configuration), empty-denied (empty password is denied).
A LogFormat directive for Apache can look like the following:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{userID}n %{userStatus}n" pma_combined
You can then use any log analysis tool to detect possible break-in attempts.
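One way to do that analysis, as an added example that is not part of the phpMyAdmin documentation: a Python parser for the pma_combined format above that flags hosts with repeated denied logins. The threshold of 3 failures in 5 minutes, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# pma_combined layout; quoted fields may hold \" escapes, userID may hold spaces.
Q = r'"(?:[^"\\]|\\.)*"'
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] ' + Q + r' \S+ \S+ '
    + Q + ' ' + Q + r' (?P<user>.*) (?P<status>\S+)$')
# The four failure values of userStatus listed above ("ok" is a successful login).
DENIED = {"mysql-denied", "allow-denied", "root-denied", "empty-denied"}

def parse(line):
    """Return (host, timestamp, userID, userStatus) or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["time"], "%d/%b/%Y:%H:%M:%S %z")
    return m["host"], ts, m["user"], m["status"]

def find_bruteforce(lines, threshold=3, window=timedelta(minutes=5)):
    """Map each host with >= threshold denied logins inside window to the user names it tried.
    Expects lines in chronological order, as Apache writes them."""
    recent, tried, flagged = defaultdict(deque), defaultdict(set), {}
    for line in lines:
        rec = parse(line)
        if rec is None or rec[3] not in DENIED:
            continue
        host, ts, user, _ = rec
        tried[host].add(user)
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[host] = sorted(tried[host])
    return flagged

def sample_line(host, hms, user, status):
    return (f'{host} - - [10/Oct/2023:{hms} +0000] "POST /index.php HTTP/1.1" '
            f'200 4521 "-" "Mozilla/5.0" {user} {status}')

SAMPLE = [  # constructed log lines using documentation-range addresses
    sample_line("203.0.113.5", "13:55:01", "root", "mysql-denied"),
    sample_line("203.0.113.5", "13:55:03", "admin", "mysql-denied"),
    sample_line("203.0.113.5", "13:55:05", "root", "root-denied"),
    sample_line("198.51.100.7", "13:56:10", "alice", "mysql-denied"),
    sample_line("198.51.100.7", "13:56:20", "alice", "ok"),
]
```

Calling find_bruteforce(SAMPLE) reports only 203.0.113.5, together with the user names it tried; the flagged hosts can then be fed to whatever blocking or alerting mechanism is already in place.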