Thursday, June 21, 2007

securing vps[1]: change mysql password

Installing phpmyadmin will help us in managing our mysql database. In my opinion, it is not only for beginner, but for advanced user as well.

Our mysql server has no password for root. It is very dangerous! We can change the password via mysql client [why I chose to install mysql-client], but I like to use phpmyadmin.

1. First thing first, go to the phpmyadmin on our server, login as root with blank password.
2. Choose mysql(17) database on the left menu.
3. Find user table, and click on it.
4. Click on Browse tab, to get the content of this table.
5. In order to change the password, click the pen picture on the row which has user = root and Host = localhost.
6. On the next window, type your password and don't forget to apply Password on the Function field. Click on Go button to save the changes.
7. Apply the same changes to the all root account. You can use the same password for all of the root password depend on your situation.
8. Now, I have changed the password. Choose the Home button on the left side menu. Then, Choose Reload Privileges to flush all the privileges, and click on Go button.
9. We will forward to the login page again. Try to login using root with blank password, your login will be failed.
10. Try with the new password and you can use phpmyadmin again.

Next, I am tending to change the name of phpmyadmin as well. This is just to hide my phpmyadmin from outsiders. By doing this, they have to guess where is the phpmyadmin and the password for root. If you still use phpmyamdmin directory, hackers only need to guess or crack the root password. The way to do it is just renaming the phpmyadmin directory with other name, for example: nasicampur, basisdata, etc.

debian:~# cd /var/www/
debian:/var/www# ls
apache2-default phpmyadmin test.php
debian:/var/www# mv phpmyadmin nasipadang
debian:/var/www# ls
apache2-default nasipadang test.php
debian:/var/www#

Test by go to the your server with nasipadang directory. You will get the phpmyadmin login page.

[Again, for security reason, I has changed again the directory's name.]

1 comment:

Cody said...

Thanks, Your post really helped me change my mysql password!