MyPhpAdmin Root Account - Slightly OT

Discussion regarding Joomla! security issues.

rainbowr
Joomla! Apprentice
Posts: 29
Joined: Wed Sep 20, 2006 8:50 pm

MyPhpAdmin Root Account - Slightly OT

Post by rainbowr » Mon Jan 21, 2008 4:16 pm

Hi All

I'm in need of some help! :(

Someone emailed me recently stating that my Joomla site was insecure, and sure enough it was wide open for people to get into myphpadmin as root. Don't ask me why, but in my wisdom I decided to log in to myphpadmin and remove all root privileges. I think I panicked a bit after seeing what people could have done to my site!!

Anyway, can someone let me know how I can get these privileges back? I can't do anything now and only have a root user account. I have managed to password protect myphpadmin and my XAMPP directory by configuring a password on root, but I need to get root privs back. I appreciate this is slightly off topic as it's strictly not a Joomla issue, but thought some bright spark on here would be able to help me out with something that is now getting pretty urgent.

Thanks all, appreciate any help you can provide.

Richard

simon_w
Joomla! Enthusiast
Posts: 113
Joined: Wed Jun 27, 2007 3:00 am
Location: Taiwan

Re: MyPhpAdmin Root Account - Slightly OT

Post by simon_w » Tue Jan 22, 2008 12:19 am

Hi Richard,

On your phpMyAdmin homepage you should have a link that reads 'Privileges'.

You have the root user account, so you have 'root privileges', and it sounds ("I have managed to password protect myphpadmin") like you've set a password for this account.  If you haven't, you really must do so using the 'Privileges' link.  (edit the account and change the password from nothing to something....)

I reckon it's a good idea to create a specific database user for your Joomla! installation to use.  You can create a new user called 'joomla' or similar, and give it rights only on the appropriate database.  Be aware that you'll need everything under 'data' AND everything under 'structure' for Joomla! to function correctly - but only on one db.  Then enter the details of this new a/c in your global config (or directly in your configuration.php).

Finally, if you're using XAMPP with a wide-open phpMyAdmin, you likely have other issues.  Out-of-the-box, XAMPP is not secure (not designed to be).  If you haven't done so, check out this advice at the XAMPP site http://www.apachefriends.org/en/xampp-windows.html#1221 - in fact, you might do this first. Looking at it now, I think there's an automated procedure to help you set the MySQL root password, amongst other things.
As mentioned before, XAMPP is not meant for production use but only for developers in a development environment. XAMPP is configured to be as open as possible and to allow the web developer anything he/she wants. For development environments this is great but in a production environment it could be fatal.
That said (quoted?), if you take the appropriate measures as outlined on the site, you should be okay.

Good luck,

Simon
:)
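
The dedicated, single-database account suggested in the reply above, written as SQL that can be run from phpMyAdmin's SQL tab or the mysql client. This is an added example, not part of the original thread; the database name joomla_db, the host localhost, the placeholder password and the exact privilege list are assumptions.

```sql
-- Added example; joomla_db, 'joomla'@'localhost' and the password are placeholders.
-- Run while logged in as an administrative account (for example root).

-- 1. Account that can only connect from the web server's own host.
CREATE USER 'joomla'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- 2. Data and structure privileges on the one Joomla! database only.
--    The privilege list is an assumption; there is no global (*.*) grant
--    and no GRANT OPTION, so the account cannot reach other databases
--    or hand its rights to other accounts.
GRANT SELECT, INSERT, UPDATE, DELETE,
      CREATE, ALTER, INDEX, DROP, CREATE TEMPORARY TABLES
   ON `joomla_db`.*
   TO 'joomla'@'localhost';

-- 3. Confirm what the account actually holds.
SHOW GRANTS FOR 'joomla'@'localhost';

-- 4. It should hold schema-level privileges on joomla_db and nothing else.
SELECT TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''joomla''@''localhost'''
 ORDER BY TABLE_SCHEMA, PRIVILEGE_TYPE;

-- 5. Audit: accounts other than root that hold a global privilege.
--    Review each row returned; the Joomla! account must not appear here.
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE <> 'USAGE'
   AND GRANTEE NOT LIKE '''root''@%'
 ORDER BY GRANTEE, PRIVILEGE_TYPE;
```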

rainbowr
Joomla! Apprentice
Posts: 29
Joined: Wed Sep 20, 2006 8:50 pm

Re: MyPhpAdmin Root Account - Slightly OT

Post by rainbowr » Tue Jan 22, 2008 7:55 am

Hi Simon

Thanks for your response. The problem is that root has no privileges now, and I didn't know how to get them back after removing them. Under privileges in myphpadmin it stated I didn't have any and the only database I could see was information_schema. I couldn't do anything or access any of my databases. I ended up getting Phil Taylor to sort it out for me late last night.

Thanks for your help

Richard

simon_w
Joomla! Enthusiast
Posts: 113
Joined: Wed Jun 27, 2007 3:00 am
Location: Taiwan

Re: MyPhpAdmin Root Account - Slightly OT

Post by simon_w » Tue Jan 22, 2008 8:09 am

Oh, I see - you needed a new root account created from the command-line.  Sorry, I misunderstood your message (looking at it now I'm not quite sure why, but....).

Glad Phil sorted everything out for you.  One of Joomla!'s strengths is that you have knowledgeable professionals available if you need them.

Sorry I didn't help...!  :D

Simon

