Disable user-level domain access to phpmyadmin & roundcube

Vidian

New member
Joined
Jul 15, 2021
Messages
3
Hi there,

No clue if this is supposed to go here or perhaps "usr-level diffuculties" or even PHP/MySQL subforum. If I'm in the wrong place please move the thread.

Question:
I'm trying to disably the /phpmyadmin and /roundcube links for user-level domains, specifically for www.xxldartshop.nl. This is a live webstore I'm still working on and IMO it's a major security risk if anyone can just easily access the PHPMA-login page.

Now this is obviously a user-level issue, which can be solved with .htaccess. The problem is that I would like the links shut off for ALL user-level domains, as I can access PHPMA and roundcube via the DirectAdmin CP access. Is there a way to disable these links in general for al users?

If I am unclear in my explanation please ask for any additional info. Hopefully somebody can help.


Kind regards,
Glenn
 

Vidian

New member
Joined
Jul 15, 2021
Messages
3
Thanks, I'll try that! Strange that I couldn't find that setting anywhere by Googling for it.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
6,776
Location
Maastricht
The issue is however, that roundcube is still accessible through /roundcube. How do I disable this?
Don't know if that is possible. This is not a big security risk as long as users are prepared to create decent passwords.
All major panels have webmail accessible from outside the panel, als the major internet providers for example KPN and Ziggo. They wouldn't do that if this would be such security risk.

Just use a good firewall to block brute forces. Most of us use DA this way for many years and mostly accounts are not hacked via roundcube bruteforces.
You could remove roundcube, however, then nobody is able anymore to use webmail.
 
Top