- Joined
- Feb 27, 2003
- Messages
- 9,158
Hello,
phpMyAdmin 4.8.0 was released:
https://www.phpmyadmin.net/news/2018/4/7/phpmyadmin-480-released/
There was a delay in getting this into CustomBuild 2, due to changes in the logging format.
They've added a new AuthLog format, which is great (allows direct logging to a file).. however, the format didn't 'quote' the user or IP values logged, so the brute force scanning could just have a new filter entry added (limitation of DA with regards to the brute_filter.list)
For now:
CustomBuild 2.0 will use the new AuthLog format, but will add a patch to the 4.8.0 version of PMA to change the format from:
Apr 15 18:19:17 phpmyadmin: user denied: asdf (mysql-denied) from 192.168.1.2
to be:
Apr 15 18:19:17 phpmyadmin: user denied: 'asdf' (mysql-denied) from '192.168.1.2'
so that CB2 can then add a phpmyadmin3= filter entry to the brute_filter.list file, that can be used right away with any DA version.
Later:
DirectAdmin 1.53.1 will have this change:
https://www.directadmin.com/features.php?id=2112
so the ip_until=NULL can be used, so it uses the IP until the end of the line.
The limitation was that ip_until=? had to be specified, but couldn't use \0 or anything like that, so the logging format had to be changed, just for now.
Once 1.53.1 is out, then we no longer need to patch PMA at all (woohoo!) and then it will use the brute_filter.list entry phpmyadmin4= which uses ip_until=NULL (end of string)
Let us know if you run into any issues.
Failed logins should be stored in:
/var/www/html/phpMyAdmin-4.8.0/log/auth.log
and make sure DA is picking them up, by looking for a "Filter" column called "phpmyadmin3".
The pre-release version of DA does have the ip_until=NULL method, but CB2 won't know that anyway an will still patch for the single quotes, so not much point at the moment.
John
phpMyAdmin 4.8.0 was released:
https://www.phpmyadmin.net/news/2018/4/7/phpmyadmin-480-released/
There was a delay in getting this into CustomBuild 2, due to changes in the logging format.
They've added a new AuthLog format, which is great (allows direct logging to a file).. however, the format didn't 'quote' the user or IP values logged, so the brute force scanning could just have a new filter entry added (limitation of DA with regards to the brute_filter.list)
For now:
CustomBuild 2.0 will use the new AuthLog format, but will add a patch to the 4.8.0 version of PMA to change the format from:
Apr 15 18:19:17 phpmyadmin: user denied: asdf (mysql-denied) from 192.168.1.2
to be:
Apr 15 18:19:17 phpmyadmin: user denied: 'asdf' (mysql-denied) from '192.168.1.2'
so that CB2 can then add a phpmyadmin3= filter entry to the brute_filter.list file, that can be used right away with any DA version.
Later:
DirectAdmin 1.53.1 will have this change:
https://www.directadmin.com/features.php?id=2112
so the ip_until=NULL can be used, so it uses the IP until the end of the line.
The limitation was that ip_until=? had to be specified, but couldn't use \0 or anything like that, so the logging format had to be changed, just for now.
Once 1.53.1 is out, then we no longer need to patch PMA at all (woohoo!) and then it will use the brute_filter.list entry phpmyadmin4= which uses ip_until=NULL (end of string)
Let us know if you run into any issues.
Failed logins should be stored in:
/var/www/html/phpMyAdmin-4.8.0/log/auth.log
and make sure DA is picking them up, by looking for a "Filter" column called "phpmyadmin3".
The pre-release version of DA does have the ip_until=NULL method, but CB2 won't know that anyway an will still patch for the single quotes, so not much point at the moment.
John