phpmyadmin fail2ban failed login log

fail2ban phpmyadmin

Solution 1:

  1. Edit /etc/phpmyadmin/config.user.inc.php file and add something similar to:
<?php

$cfg['AuthLog'] = '/tmp/phpmyadmin.log';
  1. Check it out:
tail -F /tmp/phpmyadmin.log
  1. Perform a bad login in your phpmyadmin. Expected output similar to:
Jan 19 09:20:00 phpmyadmin: user denied: sfsd (mysql-denied) from 10.163.1.128

If your phpmyadmin server is behind a reverse proxy and its private IP address is 10.163.1.128 you probably want to log the public IP address of the client, so step 1 should be:

<?php

$cfg['AuthLog'] = '/tmp/phpmyadmin.log';
$cfg['TrustedProxies'] = array('10.163.1.128' => 'HTTP_X_FORWARDED_FOR');

Please bear in mind that the user running your phpmyadmin (typically www-data) should have write access to file and parent dir defined in $cfg['AuthLog'] variable name

Related

Is a separate firewall device required to protect a single machine on a network?
Restore an Exchange 2007 mailbox from a backed .edb file
Disk Quota with Systemd Nspawn
Error 500 on first request for file
Kubernetes API: Compare and update config map key
How exactly does SMTP authentication work?
Connection to a private k8s cluster: failed to find any PEM
How to install WordPress without using the /wp-admin/install.php script?
Why is ISC DHCP server ignoring the fixed-address statement?
What's wrong with this SSH port forwarding?
How to Centralize AWS SSM with multiples accounts
how to extend SAN storage in CentOS 7