Large amount of Failed attempts in phpMyAdmin

There is a large number of Failed Attempts in phpMyAdmin:

I have two multisites (and two dev multisites). Each has mapped domains with add-on IPs. I know that my server's primary IP used to get blocked for trying to access itself repeatedly. I had to whitelist the IP address. I'm not sure why it was doing that. I also see lots of hacking attempts, which is why I asked about changing the SSH port #

I don't use SSH to access the server, so it wouldn't matter to me. However, I'm not sure if that port is used by any of the plugins. Do you know if that's common?

  • Lindeni Mahlalela

    Hello Chris.

    I hope you are doing great today and sorry for the delayed reply from our end, things have been hectic around here. Thank you very much for your patience, we really appreciate that.

    I know that my server's primary IP used to get blocked for trying to access itself repeatedly. I had to whitelist the IP address. I'm not sure why it was doing that.

    There could be several reasons for this. It could be the database process locking itself due to a lock in the tempdb; this may be a result of a process that has been running for a very long time due to some long database query.

    It could also be some script on the server that uses incorrect login credentials to connect to the database. This can happen, for example, if WordPress was installed and then the database password got changed and left as is in the config file. In this case WordPress/any script will try to log in to the database server with the credentials it has in its config file. If this is the case, you should be seeing the WordPress error saying something like "Database connection failed".

    If you have the database server separate from the web server, when someone tries to log in via phpMyAdmin and fails, the web server could be blocked by the database server, as the login requests will come from phpMyAdmin stored on the web server. In this case the database server will "think" the web server is attacking it and will block it for that reason.

    Worst case, it could be an attacker trying to gain access to your server.

    I also see lots of hacking attempts, which is why I asked about changing the SSH port #

    It is common for any server to be under attack these days, as hackers are always trying to gain unauthorized access to servers. It is advisable to change the port number from its default to anything not commonly used. Here is a document on how to Secure SSH on CentOS; you should obviously search for the correct documentation for your server's operating system if not using CentOS, but there shouldn't be much difference.

    I don't use SSH to access the server, so it wouldn't matter to me.

    If you don't use SSH on your server then you should disable it completely or disable root login and password authentication. This will protect against brute force attacks on the root user. It is very common for any server to get brute force attack attempts and it is advisable to disable all features not in use in the server or to secure them.

    Here is how to configure and secure SSH on Ubuntu and on CentOS

    However, I'm not sure if that port is used by any of the plugins. Do you know if that's common?

    Plugins don't use SSH connections, or at least I don't know any plugin that does. Plugins usually run within the scope of WordPress; even though they may use some scripting functions that WordPress does not use, no plugin uses server features like SSH. SSH is usually for the server administrator to configure the server itself; nothing within the scope of WordPress or its plugins requires SSH.

    Now, the Failed Attempts in phpMyAdmin could be failed direct login attempts on the login screen of phpMyAdmin or as mentioned, it could be an attempted brute force attack on the server.

    I hope this helps, please let us know if you have any further questions. Have a nice day.

    Cheers,
    Mahlamusa
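
An added example, not part of the original thread or the poster's own code: a Python script that groups MySQL "Access denied" error-log lines by source host to tell apart the causes listed in the reply above (a script with stale credentials, logins relayed by a local phpMyAdmin, an outside source). It assumes the server writes such lines to its error log; the log lines, the addresses, `OWN_HOSTS` and the labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the MySQL error-log "Access denied" format.
# All addresses are documentation ranges; 203.0.113.7 stands in for the
# server's own primary IP.
SAMPLE_LOG = """\
2024-03-01T10:00:01.000000Z 41 [Note] Access denied for user 'wp_main'@'localhost' (using password: YES)
2024-03-01T10:00:06.000000Z 42 [Note] Access denied for user 'wp_main'@'localhost' (using password: YES)
2024-03-01T10:00:11.000000Z 43 [Note] Access denied for user 'wp_main'@'localhost' (using password: YES)
2024-03-01T10:00:16.000000Z 44 [Note] Access denied for user 'wp_main'@'localhost' (using password: YES)
2024-03-01T10:02:00.000000Z 45 [Note] Access denied for user 'root'@'203.0.113.7' (using password: YES)
2024-03-01T10:02:03.000000Z 46 [Note] Access denied for user 'admin'@'203.0.113.7' (using password: YES)
2024-03-01T10:02:05.000000Z 47 [Note] Access denied for user 'pma'@'203.0.113.7' (using password: NO)
2024-03-01T10:05:00.000000Z 48 [Note] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2024-03-01T10:05:01.000000Z 49 [Note] Access denied for user 'root'@'198.51.100.23' (using password: YES)
2024-03-01T10:05:02.000000Z 50 [Note] Access denied for user 'admin'@'198.51.100.23' (using password: YES)
2024-03-01T11:30:00.000000Z 51 [Note] Access denied for user 'backup'@'192.0.2.50' (using password: YES)
"""
OWN_HOSTS = {"localhost", "127.0.0.1", "203.0.113.7"}
DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)'")


def triage(log_text, own_hosts=OWN_HOSTS, burst=3):
    """Group failed logins by source host; labels are this example's heuristics."""
    counts = Counter()
    for user, host in DENIED.findall(log_text):
        counts[(host, user)] += 1
    findings = {}
    for host in {h for h, _ in counts}:
        users = sorted(u for h, u in counts if h == host)
        total = sum(counts[(host, u)] for u in users)
        if host in own_hosts and len(users) == 1 and total >= burst:
            label = "stale-credentials"    # one account failing repeatedly from the server itself
        elif host in own_hosts:
            label = "via-local-web-app"    # e.g. the phpMyAdmin login form on this server
        elif len(users) > 1 or total >= burst:
            label = "external-guessing"    # remote source cycling users or retrying
        else:
            label = "isolated"
        findings[host] = (label, total, users)
    return findings


if __name__ == "__main__":
    for host, (label, total, users) in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host:15} {label:18} failures={total} users={users}")
```

A "stale-credentials" result points at a config file to correct rather than an address to whitelist; a "via-local-web-app" result means the real client address has to be read from the web server's access log for the phpMyAdmin URL.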
