Attack on Phpmyadmin Mysql

Problem

Blocking an attack on phpmyadmin mysql

Solution

First thing to do is to log at the error logs: /var/log/apache2 then issue this command

sudo tail -500 access.log

In one case attack I blocked the ip that I got from log in this file. bash /etc/phpmyadmin/lighttpd.conf

now lighttpd looks like this:

# Alias for phpMyAdmin directory
alias.url += ( 
    "/phpmyadmin" => "/usr/share/phpmyadmin",
)

# Disallow access to libraries
$HTTP["url"] =~ "^/phpmyadmin/libraries" { 
    url.access-deny = ( "" ) 
}
$HTTP["url"] =~ "^/phpmyadmin/setup/lib" { 
    url.access-deny = ( "" ) 
}

# Limit access to setup script
$HTTP["url"] =~ "^/phpmyadmin/setup" {
    auth.backend = "htpasswd"
    auth.backend.htpasswd.userfile = "/etc/phpmyadmin/htpasswd.setup"
    auth.require = (
        "/" => (
            "method" => "basic",
            "realm" => "phpMyAdmin Setup",
            "require" => "valid-user"
        )
    )
}

#blocking this ip as it was attacking phpmyadmin
$HTTP["remoteip"] == "208.109.106.228" {
       url.access-deny = ( "" )
  }