Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "phpmyadmin"
Had a bit of time on my hands and this was the result. Shaking my head. I should never be left free and alone. Lol.11
So, i tried to demonstrate my roommate how many people push their credentials to github by searching for "password remove" commits.
I decided to show him the file and noticed something interesting. A public IP, and mysql credentials.
I visit the IP and what do i see there, a directory listening with a python script, with injects the database into a webpage (???) and a log of all http requests. Lots of failed attacks aiming at the PHP CGI. Still wondering how they failed on a python server 🤔🤔🤔
Edit phpmyadmin to connect to the mysql database. Success.
Inserted a row telling him the his password is on github. Maybe i should also have told him how to actually remove it. 😅
Yes, root can login from %
This is how far i can get with my current abilities.
Scary how insecure this world is.5
So I gave this guy access to a database and phpMyAdmin and then I get this:
Him: hello??? i cant make databases i have no privilages
Me: Use tables instead of databases...
Him: I need to make databases
Him: 1. my votes plugin 2. my ftop plugin 3. my forums 4. my new forums 5. my new forums (he runs a minecraft server fml)
Me: You don't need databases for all of those, you can use tables, that's a massive waste
Him: idc i would rather have databases
Some Romanian "Hacker" is trying to hack my forum xD
He tried to call the setup script for PhpMyAdmin, but I don't even have PhpMyAdmin installed because I use MongoDB xDDD
I'm lying on the floor laughing6
When your raspberry pi is bombarded with /phpmyadmin URL attempts in all its forms and possible paths and versions 😅
Like seriously? Who in there right mind uses phpmyadmin AND has it accessible to the public.
- there's no databases on this Rpi but you keep looking.11
"We're going to need to migrate our database and reformat it so it works with the new app."
Translation: we've been using Excel up until this point and need you to convert it to SQL. Oh god, people.2
On the presentation for my database project my team and I showed a NodeJS + Mongo + VueJS project with cloud storage capability, nothing fancy but did everything from scratch (from token auth and system encryption to the frontend CSS and the database) the teacher made some questions and meh'd at it.
Behold team two's project, WordPress with a standard template and phpMyAdmin, teacher loves it because "it's so beautiful"
Guess who just failed that class?
God I love college, it's the best time investment I've ever done and it'll surely pay out.11
Was developing WordPress plugin. On the last step, i need to check if the remove DB table functionality when user uninstall the plugin is work. uninstalling plugin, check phpMyAdmin, and yes the table is gone. Also the plugin, which i dont have any backup. I need to drink....7
Was getting absolutely crazy about not getting access to phpmyadmin on my server. Tryed 10things. Broke server twice. Asked @linuxxx and he just told me the solution like the cool guy in school jumping on his drink to make the package pop.
People like this guy commentating are the main reason why evolution is still just a theory.
Let's take for example someone having a problem with their car not starting up.
Already seeing this guy's response would be:
"Personally I hate cars. Seems like its always they're broken. Have you just tried using your legs and run 40 kilometers to work every day?"
No I didn't you fucker, and you know why? Because it's not convenient. The same way how it's not convenient for me or any sane developer to drop to a command line and run custom query (which can be automated) every time I want to quickly check some values in development.
And no, the OP didn't ask for setup of this on production, the conversation kept on in comments below and this guy was still defending his productive idea.44
Head of IT department asked me to configure Apache from phpmyadmin. There occured 5 seconds of silence after he said that.6
So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.
Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.
Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.
Thanks in advance for enduring my rant and infodump 😅7
What a lazy fuck.
This so called full-stack developer doesn't know how to use mysql from command line. The only way he can do anything in the database is using phpMyAdmin or MySQL gui.
What? How do you even call yourself a developer when you don't know how to use basic command line tools?
The fucker wants me to find out why a particular feature is not working?
Why the fuck are you being paid for? You stupid idiot.
"Can you please grep ... in the server?"
What? Why would I do that for you? How about you ssh the server yourself?
What a waste of time.5
When someone decides to manually delete a user from a relational database that relies on that user to exist and expects everything to work out perfectly.2
Please use normalization. Don't store more than is intended in one field and use special characters to separate things. It would make future developers job easy.7
Well, it is not my favorite open source project... I almost never have to use DBs, but when I do, it just saves my life. I can create the tables, keys without worring about any SQL command.
But day to day life is GNU/Linux, Firefox, bash/zsh, git... There are lots of opensource tools that I use, and love, everyday. :)2
...He hired a shit dev who did the same work in 3 times less than what I asked for.
He's now back crying to fix his Fuck up.
You ask how I know he is shit. He SSH-ed into the server. Worked directly off the production files. Worst of all, he installed phpmyadmin, changed the db structure without even writing a fucking migration !!!
How the hell am I supposed to know what he changed!! It's gonna be a long night 😥6
Who doesn't already deleted a DB from production server because tought that is deleting it from localhost's Phpmyadmin? Yeah, shit happens...
It seems less shitty when you have a backup of it from last 9mins, but sucks as well...5
Question for Web Server Gurus and Security Ninjas.
How to prevent bots, crawlers, spammers sending various numerous requests to your web servers?
There have been numerous requests to routes like /admin /ssh /phpmyadmin etc etc and all kinds of stuff to the web server.
Is there a way to automatically block those stupid IPs :/9
I remember the first time I was experimenting with Linux and decided to install Kali Linux (was still version 1 at the time) and in the process cleaned my hard drive. I was in first year and I hadn't been introduced to git, so you can imagine what happened to my code.
Or when I dumped all my databases into one SQL file (the feature looked tasty in phpmyadmin) and then after reinstalling everything, I couldn't import back the files.
Or last year, where I was on industrial attachment. So we were to delete some data from DHIS2 manually. So as a developer I grouped all organisation units to be deleted under one parent and wrote a python script to recursively delete anything in that group. Just when I was about to show my supervisor how efficiently my script was deleting stuff, he said, "Don't delete anything yet". I hope he doesn't read this *wink*
Fast forward, last week on Friday I dropped my external hard drive. It just works on one USB port now, no idea how and why.
Whole class: makes an sql database using phpmyadmin. Simple, easy, meets the requirements
Me: fuck it. Use python with pyqt5. And Microsoft sql server Spend unnecessary hours on making repetitive functions, cause my stupid ass can't figure out how to pass more than one parameters in class methods.
All in all, it looks good. I feel like I did something, learnt something new. Took on a challenge. Its a wierdly good feeling, somewhat rewarding.5
Webmin because why not ✓
Lamp stack ✓
Dynamic DNS client ✓
Dear DigitalOcean. SINCE WHEN do you consider a PMA installation
without Https SECURE?
And why the fuck do you make me install an aptitude package that skips both file system AND Apache config cleanup on purging?
It's just a raspberry, but if it runs lamp I want PMA, and if it runs anything, I want Https. Is that too much to ask for from a tutorial source otherwise so reliable that I do anything you say without a questioning thought?8
IT'S CAPS RANT TIME!
MYSQL ERRORS ARE SO USELESS! AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHH
I JUST WANT TO ADD A FOREIGN KEY BUT 'Cannot add foreign key constraint' KEEPS COMING UP, AND THE STACK OVERFLOW ANSWERS INDICATE THAT IT COULD BE -LITERALLY- ANYTHING!
THIS IS OF COURSE, AFTER PHPMYADMIN GIVES ITS OWN ERRORS FOR TRYING TO USE THE DESIGNER TO ADD THE RELATION. IT ONLY WANTS UNIQUE FOREIGN KEYS, DESPITE ONE OF THE MAIN USES OF FOREIGN KEYS BEING MANY-TO-MANY AND ONE-TO-MANY RELATIONS!3
Beware: Here lies a cautionary tale about shared hosting, backups, and -goes without saying- WordPress.
1. Got a call from a client saying their site presented an issue with a third-party add-on. The vendor asked us to grant him access to our staging copy.
2. Their staging copy, apparently, never got duplicated correctly because, for security reasons, their in-house dev changed the name of the wp-content folder. That broke their staging algo. So no staging site.
3. In order to recreate the staging site, we had to reset everything back to WP defaults. Including, for some reason, absolute paths inside the database. A huge fucking database. Because WordPress.
4. Made the changes directly in a downloaded sql file. Shared hosting, obviously, had an upload limit smaller to the actual database.
5. Spent half an hour trying to upload table by table to no avail.
6. In-house uploads a new, fixed database with the help of the shared hosting provider.
7. Database has the wrong path. Again.
8. In-house performs massive Find and Replace through phpMyAdmin on the production server.
9. Obviously, MySQL crashes instantly and the site gets blocked for over 3 hours for exceeding shared hosting limits.
10. Hosting provider refuses to accept this was caused by such a stupid act and says site needs to be checked because queries are too slow.
11. We are gouging our eyeballs as we see an in-house vs. hosting fight unfold. So we decide to watch a whole Netflix documentary in between.
12. Finally, the hosting folds and enables access to the site, which is obvi not working because, you know, wrong paths.
13. Documentary finishes. We log in again, click restore from backup. Go to bed. Client phones to bless us. Client’s in-house dev probably looking for a cardboard box to pack his stuff first thing in the morning. \_(ツ)_/¯
When I was in my final year of B.Tech.
There we had to do one major project so me and my friend both decided to build QUERA project for college. So as planned we informed to our superior and we got clean chit.
But later on we didn't know what to do??
That time my friend also didn't have programming awareness so days were going on. And the final month came and till then no progress.
My F was suggesting for purchase.
I was little bit worried too.
Then I had decided to build.
So me alone started building without any copying of templates from web(Actually at that time I didn't know that we can copy templates from web) so stupidly I was building templates using HTML and CSS. Parallely I was doing with php and phpmyadmin(SQL queries).
Seriously it was in PHP.
So this was running for approximately 14 days.
And believe me in that 14 days I was just doing project with all this stuff (obviously eating & 5 hrs sleep).
So, here the fun came
I was near to completion of my project but on last day I was not feeling well so I went to medical for some tablets.
And you know what, I was applying CSS in my mind on that tablet cover which was in rectangular shape.
Literally I was applying :D
Finally, I submitted project and got A+ for that.
Why the fuck don't you provision and configure the cloud virtual machine yourself, "web lead" guy who uses fucking WINDOWS to develop software? Why don't you install Webmin and PHPMyAdmin in the VM yourself if you like GUIs so much? Why do I have to configure Apache and MySQL and fix all sorts of little issues for your project just so you can use some shitty CMS? I'm not your fucking IT support guy. Go learn how to use Unix, take responsibility for your shit, and let me spend my time actually developing software.10
I tried setting up XAMPP for running my friends code.. it took 5hrs and faced atleast one issue in every step from installation to running.
1) XAMPP Did not download itself, found that internet was down.
2) downloaded finally, installation phase went till 98% fatal error, windows collecting info for diagnosis
5)after 3 tries , suddenly it installed successfully
6)Apache force shut, every time I started it
7)1.5 hours later found VM had occupied the port 80, making it shut.
Changed the port
8)PHPmyadmin was recent ,that SQL 5.1 support was not There.
9)Now after setting up new instance of MySql 5.6 , created conflict.
Project referred one instance and PHPmyadmin referred other
10) Changed port numbers and added service entry in windows to make it work
At last the struggle ended up with happy ending.
My installation story precisely
Iam new to PHP development and XAMPP.6
So i ordered myself a web server and am trying to get access to phpmyadmin.
I got generated username and password for the phpmyadmin login.
So i created mysql databases and database users, outside the interface, but that's fucking it, i need to create tables as well, can't do that without the interface, cuz NO ACCESS!
Fucking piece of shit service provider, they had one thing to do and they can't even fucking do it right. How dare they call themselves web hosts at all...
It's probably a badly configured config file but i can't access the file myself to start sorting this shit out, so i got to wait at least 12 hours till work hours to be able to contact with them and sort this shit out.1
What I learnt after 3 hrs of debugging for a stupid issue today ?
Lesson 1 - Getting some unknown error even though your code ks right and no error in logs ? Check you SQL version and its rules.
Lesson 2 - phpmyadmin is fuckin shit ass software
Ouuu today I experienced how web-devs must feel...
Task: create a form to answer questions with yes/no and a database behind it to collect stats.
So login to phpmyadmin
1. Wrong password got error message
2. No error message, still at login screen, but in address I see a token
3. There must be something wrong
4. Reinstalled phpmyadmin and mysql-server several times, wasted one hour on it - still stuck at login screen
5. Tried different browser and it fucking works!
6. Realized that cleaning cache fixed it...1
My worst mistake was to have localhost phpmyadmin up, and beside the production one. I ran DROP on production instead of localhost. That was not a nice feeling when I realised 😐1
Love it when I try to find a free Web hosting to do a little testing online... But All of them have a broken PhpMyAdmin panel. >.<12
TL:DR linux newbie, looking for advice/links (skip to bottom for questions)
After i had been looking for a job for quite some time, a couple of months ago i got hired by "smaller" company doing web stuff. So far it have been a great place, good colleagues, and overall just having a great time!.
They seem to value me alot, so that's great!.
Anyway, yesterday i got called into a meeting - and got told they wanted me to start learning "Server stuff (linux)". That got me quite excited, because it always was something i wanted to learn - but never really got around to doing.
But i never touched a linux installation before, so i'm really on ground zero - but im not afraid, i'm a quick learner and quite efficient at googling :)
I figured i would ask here, since other people here always seems to be happy to help other people out.
So far i have manage to setup a server, install various stuff (php, mysql and so on) and done setup a couple of domains/subdomains on my server. Also got a vestacpinstallation working - so overall im quite happy so far.
I figured maybe somebody had some good links/advice for a linux newbie :).
* Performance/Security, will obviously be a big focus - anything i should look at? - any must look at?
* Monitoring tools, how do i monitor various websites running on my server? Here i'm thinking bandwitch, cpu/ram usage and so on pr site basis.
* Any other stuff i should be looking at?
Little about what the server will/should be running :)
* WordPress installations only (e-commerce mainly)
* PHP 7 / MySQL / phpmyadmin5
- ok so I said I had to touch little bit of nodejs. It's a messenger like chatroom. Users data and the rest are stored in mysql. Chat messages are stored in mongodb. Found a funny issue. (Funny as in annoying that you just bang your head with your head while laughing funny) one mysql query in the node app is giving different order by result when you run it. I thought it was async issue. Turn out it's not. Said query works fine when running on phpmyadmin and the likes.
- I watched end game yesterday. And I'm sad. It's an end of an era. But also hopeful for various possibilities Marvel can do for future films.
- have you ever had such a great sex that afterwards she got serious headache and had to vomit?7
This one was thanks to the beloved MariaDB.
I needed to update a record with id = 12345
I copied the id to the clipboard.
Then proceded to type:
UPDATE table SET field = NULL WHERE Ctrl+v
So it ended up
UPDATE table SET field = NULL WHERE 12345
I forgot to type "id = " after the "WHERE".
MariaDB says "OK, after the WHERE any number means TRUE".
Simple update taking longer than 0.000001 seconds means bad news. And if you add that I was making the stupid update using phpMyAdmin, I couldn't cancel it faster. I had to log into terminal and kill it from there. Some hundred of thousands of records updated to null, thank you.
It was a testing database, and we had a backup so I had to take my good 30 minutes to restore it but it was not cool.5
A normal day on my CMS as a Service...
URL: https://go to CMS
> Login screen: enter credentials, check checbox "remember me" (which doesn't remember you)
> redirected to SSO (single sign-on welcome page)
> Re-enter URL to go to CMS
> Fires up second browser on second screen, do the exact same things as above
--- Code editing
As it's a very modern CMS, you have to edit the code via the CMS using a bulky and honestly shitty editor (or rather: they didn't spend time configuring it to be at least semi-decent).
Plus default white horrible theme.
> Go to "/themes"
> Scroll all the way down the page
> Enter filename in search box
> Click the "Edit" button, which is a small button located right next to a much bigger red "DELETE" button. When you middle click (as I always open files in new tabs) on the DELETE button, it DELETES without confirmation. In such cases, you lose up to three days of work asking the providers to set it back up for you via their backup - and charge you for that. So sorry for deleting an *important* file
> Edit the file.
> Save the file - it takes 3 seconds. Upon saving, rescroll again to where you were in the code.
> On the other screen, refresh dev view of current template
> Wait 5 seconds
> If there are any special blocks, they all load via a semi-synchronous AJAX request (it's async, but they load one by one), the same time you waited to refresh your page.
> Notice you forgot adding some markup
> Re-edit the file, save...
> OH NO - I'VE BEEN BACKGROUNDEDLY DISCONNECTED. Back to Login page.
> Enter credentials.
> Am not on the CMS, but on the SSO
> Navigate back to file
> Re-write new changes
--- Manager comes in:
I need to you edit XXX objects in DB Manager (a big PHPMyAdmin if you will)
> New tab, go to https://DB
> Although still connected on CMS, I have to re-enter credentials
> Am redirected to SSO
> Re-enter https://DB
> Find the object (20 seconds of loading)
> Find the appropriate field
> Find out the field is in fact another object located elsewhere
> Uff, thank goodness, there's a shortcut button to directly edit said elsewhere object
> Operates on elsewhere object + save
> Re-edits original object + save
> ERROR 500, APPLICATION UNEXPECTEDLY CRASHED
:') painful much?
(for those who ask: yes i've got plenty of mind-reflexes in order to minimise losses)2
DBSole .. Query your database from Google chrome dev tools :)
For lazy dev who just dont want to switch over phpMyAdmin or Terminal for small query
Hello, can someone help me with this one ? I guess that the fucking SO elitist community would have beaten me to death if I asked this question.
I'm trying to create a relational table between a Tutorial object and a User object (to know which tutorial the user has access to) using Sequelize, and I figure out that I have two PRIMARY keys in my table. How is it possible ? UserID is also marked as Index.
The both keys are not Unique in themselves but their combinations are unique.4
Finally decided to get myself some remote server on DO, faffing around and setting things up, and suddenly I decide to look at my access logs, someone was trying to figure out how to connect to mysql, phpMyAdmin and what's not... Too bad for him I won't have any of those installed until I know how to properly secure all this :)
Heh... Welcome to the real world I guess?4
Come on, WordPress! Why are you such an asshole? I just want to migrate and move on with my life.
Is it because I started with Joomla? Is it because I cheated you with Flask?
Can you please, please be nice to the same db you made? Am I asking to much for?1
Today i chartered new realms for me.
I created a new hyper-v vm on the company windows servers and added a 5th instance to it, but instead of running another windows server i installed an ubuntu 18.04 (cause i am a bit familiar with debian from my raspberry pi)
we have two servers, one which runs the 4 vms and a replica. I first had the new vm on the main server but it occured me to move it instead to the unusued replica machine. That kinda worked..i did a planned failover but the main server isnt configured to be the replica..and even when activating that it didnt work. This is weird.
For the moment i ignored that and proceeded to install nginx, mariadb and php 7.2..basically the lemp stack. I managed to setup nginx and a static ip adress for the machine (which was different from how i remembered it to do (in 18.04 its not done with the network conf but a yaml file).
in the end i added two different virtual servers, one for actual use and one for dev stuff (with phpmyadmin running for instance), listening on port 80 and some random other port.
as a test i brought a mediawiki onto the Port 80 server and it worked.
on monday i have to figure out how to implement the wildcard certificate i have for our company domain (internal dns simply routes intranet.company.com to the local server vm)
i am mighty proud cause all my experience with linux was with a raspberry pi so far and i am fairly certain i did it right and without shortcuts this time. (unlike my raspberry experience)
just wanted to share
(i also sweated a lot of blood when editing the hyper v settings as i did not set up the server in the first place)
((i also installed xrdp and a mate desktop, but i am less proud of that, but sometimes seeing folders graphically helps me))
I'm seeing someone trying to access one of my machines looking for phpMyAdmin. I don't use php, nor mysql.
Keep trying random h4x0r!1
Damned XAMPP doesn't want to run MySQL. Can't access phpmyadmin on local machine. Fixed localhost problems now it shows me 404! Edited all ports in config files for Apache, killed some tasks working on that port, stopped running some services - still nothing. Now found out there are some db files missing for MySQL via error log so I need to fix that plus 404 on my localhost. Don't feel like I'm close to solve all that. Half of a day wasted with no results. I need a cold shower and a gallon of coffee.1
I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.
With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.
The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.
1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?
If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)
I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.22
A lot of my apps are hosted in Debian servers from a long time.
I'm upgrading some machine to Debian 10 and it's a nightmare: phpmyadmin and monit packages are no more available.
Is there someone in the same situation?6
Just open my personal project I have not touched in a year. Cannot connect to Local DB neither remote. I am questioning my self why I use PHP and phpmyadmin. At the time I started project that was the only backend coding I knew, now I may redo it in node.js.2