Author: Olly

  • Securing phpMyAdmin… the Easy Way… any OS, any version…

    We work with various servers at work, and one of the areas that gets targeted the most by bots and stuff seems to be the phpMyAdmin login page.

    Now, you could obfuscate the folder name to throw them off the scent… but that probably means renaming loads of things other than the core folder name & time is money!

    The best way (before this blog post) of doing it has always been to secure it with htpasswd, but the number of times I’ve done this quickly, set the password to something obvious and then forgotten the password… Then unpicking the password configuration to get in, only to have to reapply it… Screw that!

    So whilst I was once again sat staring at the good ol’ “how to secure phpmyadmin with htaccess” guide early this morning, I thought to myself “there must be a better way of doing this!” and I pondered… and pondered… then it hit me!

    Cloudflare!

    We use Cloudflare for DNS management on all our websites. It’s by far the best tool for the job and, despite them taking most of the internet down (twice) the other month, it’s an awesome toolkit for keeping the baddies out and the websites online.

    Anyway, in the Cloudflare dashboard there is a Firewall section; in that section you can set rules under “Firewall Rules”, and a quick 5 minute rule later my phpMyAdmin login screen is secured with a captcha challenge and Cloudflare is beating up the baddies that try to come and hack my gibsons.

    Here is the rule;

    Rule to secure phpmyadmin with Cloudflare


    And here is my bitchin challenge screen;

    It’s worth noting that when I originally added the above rule I used “contains” in the rule Operator field, and the screenshots I added above had ‘phpmyadmin’ in their filenames, so the Cloudflare rule kicked in and blocked the images from loading!

    Be careful when setting the rule and ensure it matches my example above.
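    As an added example (not the author’s rule, which this post only shows as a screenshot), here are two Cloudflare-style rule expressions, the over-broad “contains” version and an anchored path-prefix version, with Python predicates that mirror how each matches a request path, run over constructed request paths including a screenshot filename like the one that got blocked. The expressions, the upload path and the case-insensitive prefix are assumptions, not the post’s own rule.

```python
# Added example, not the post's own rule: two Cloudflare-style expressions
# for challenging phpMyAdmin requests, plus Python predicates mirroring them.
# Field and functions (http.request.uri.path, contains, lower, starts_with)
# are Cloudflare's; the exact rule text is an assumed equivalent of the
# author's, since the post shows the real one only as a screenshot.

# Weak rule: "contains" matches the string anywhere in the path, so an
# image named phpmyadmin-...png gets challenged too (the post's pitfall).
RULE_CONTAINS = '(http.request.uri.path contains "phpmyadmin")'

# Anchored rule: only the phpMyAdmin directory (and the bare directory
# path) match; lower() also covers the common /phpMyAdmin/ install name.
RULE_ANCHORED = (
    '(starts_with(lower(http.request.uri.path), "/phpmyadmin/") '
    'or lower(http.request.uri.path) eq "/phpmyadmin")'
)


def contains_rule(path: str) -> bool:
    """Mirror of RULE_CONTAINS: case-sensitive substring match."""
    return "phpmyadmin" in path


def anchored_rule(path: str) -> bool:
    """Mirror of RULE_ANCHORED: directory match, case-insensitive."""
    p = path.lower()
    return p == "/phpmyadmin" or p.startswith("/phpmyadmin/")


# Constructed sample paths: the login page, a case variant, a blog
# screenshot whose filename mentions phpmyadmin, and an unrelated page.
SAMPLE_PATHS = [
    "/phpmyadmin/index.php",
    "/phpMyAdmin/index.php",
    "/wp-content/uploads/2019/phpmyadmin-cloudflare-rule.png",
    "/blog/",
]


def challenged(rule, paths=SAMPLE_PATHS) -> list:
    """Return the paths a rule would send to the challenge page."""
    return [p for p in paths if rule(p)]


if __name__ == "__main__":
    for name, rule in (("contains", contains_rule), ("anchored", anchored_rule)):
        print(f"{name:9}: {challenged(rule)}")
```

The firewall event log mentioned below is the quickest way to confirm which of your own assets a new rule is catching before you tighten or loosen it.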

    It logs how many times it kicks in too, and already since adding it it’s been hit 50 times!

    Secure your phpMyAdmin on Ubuntu, CloudLinux, Red Hat, CentOS, Debian, Fedora, CoreOS, FreeBSD, Windows hosting, and anything else with this 5 second rule.

    Oh, it works in Cloudflare free accounts too – so even if you don’t use Cloudflare you can set it up at no cost and have the rule protecting your phpMyAdmin from the hackers, bots and baddies of the internet world in no time!

  • Vehicle Request Enquiry – GOV.UK SCAM EMAIL!

    Don’t get it twisted, this isn’t FROM the .gov; this is someone pretending to be them to get ya deets.

    The email looks like this;

    The page looks like this;

    Even the footer is identical to the actual gov website;

    The domain name, however, isn’t;

    hXXps://majesvehicle-onthereq.com (t’s replaced with X’s)

    I clicked the link in the email (you shouldn’t ever do that) and it was actually a legit Constant Contact URL which forwarded me to the above URL. So Constant Contact are helping these scammers. Well done.

    Someone less savvy would fall for this.

    Tell ya friends, share this article, repost, duplicate, idgaf, I just work here.

  • An Open Letter To Anyone Working With a Digital Agency

    Ok, so this is something that I’ve been thinking about putting out there for a while. Many of you know that my day job is working at a digital agency: we make websites, we do marketing, we work with code & pixels and help people use the internet to run or grow their businesses.

    This post is the result of over 12 years of constant erosion of our sanity by people who need us, but don’t know why they need us, and then, despite not knowing why, feel the need to question why they should have to pay so much for something they requested that they don’t really understand… Confusing, right?

    Let me explain…

    The Internet: The thing everyone uses, and no one* understands.

    Now first and foremost, I’m not saying I know all there is to know about the internet, but as it’s something I have mucked about with since there were only 257,601 websites (June 1996) on the whole internet – I feel I’ve got a good baseline understanding of what it is and how it works, and on that note – I feel I am more than qualified to write this open letter.

    So What’s My Problem?

    To put things into an example that anyone can understand, let’s pretend we’re building a house instead. First, you must have it planned by an architect. A good Architect will firstly listen to what you would like, then take into account the plot of land, your budget and a thousand other factors, and will come up with ideas that tick all the boxes. If you then question things, or ask for it to be changed, he/she may say no – and explain that you can’t do X, Y or Z due to A, B or C.

    At that point you would more than likely take their word for it, and push on? Surely?

    Then why is it that when I or a colleague of mine try to express our concerns regarding an item or feature a customer has suggested, our years of experience, our long lists of qualifications and our unique – finely tuned – mindset are suddenly worth less than something they read in a Newspaper article that morning on the train? The best ones are when CEOs who visit the business once a quarter and haven’t been fully active in the business for 20 years DEMAND that a feature be present on a new proposed system, as their friend at the Golf Club has it on theirs….

    The web isn’t a platform for people to try and “Keep up with the Joneses” and in fact simply copying what other people are doing could be the exact opposite of what you would be advised to do by a proper digital agency that had created you a proper digital strategy based on your actual requirements. Sure, borrow ideas and evolve existing concepts, but you achieve success by innovating, not by cloning your competition!

    What sense is there in employing the services of a professional company, and then telling them what to do throughout the whole process??

    It doesn’t make sense to hire smart people and tell them what to do; we hire smart people so they can tell us what to do.

    If you don’t know, now you… still probably don’t know.

    My bastardised Biggie quote is intended to highlight the fact that the “Internet” that we all take for granted every single day is propped up by digital agencies, hosting companies and IT professionals all over the world. Not only that, but we can now access the web via toasters, fridges, irons, televisions and speakers (amongst many other things), and I bet the majority of the human population that have access to the internet have ZERO idea how their tech is “smart” or how it works, or how their Fridge can communicate with the internet via a button press on an app on your phone.

    It’s just Magic, right?

    Wrong.

    It’s the internet; it’s a mix of protocols, ports, networks and servers. It’s made up of pixels, megabytes, packets and abbreviations. It’s a hugely complex “Thing” that was never really intended to do what it is doing right now. It was never meant to do banking, or control your heating – but thanks to the amazing minds of some of the world’s cleverest people, we’ve been able to evolve and improve the world we live in, in many ways through the opportunities and evolutions the internet has made possible.

    However, due to the constant, rapid evolution that happens every day online, it has become the fastest moving playing field that has ever, and will ever, exist. What was popular 10 minutes ago is now laughably uncool, how your website engaged with your target audience six months ago may no longer resonate with them, and the app or the online store that you had someone who “knows everything about IT” make you five years ago may now need constant patching up due to deprecated server dependencies and new conflicts between scripts being used to add or enhance certain functionality on your website. Sound confusing? That’s my point.

    There will be pirates and cowboys in our industry (I have actually blogged about a few) but generally, a good, credible, well reviewed digital agency will not try and rip you off; they have nothing to gain from doing that, and the reason for that invoice that came in much higher than you expected is because they are professionals that have probably saved your bacon more times than you realise, and are probably the main reason your business is still competitive in 2019.

    “Oh just quit whining, you chose your career!”

    Yes, I did choose to go into the web industry, but what no one could predict was how rapidly it would consume the world. Every single corner of the world, of innovation, of family life, of education…. every single nook and cranny is now connected to the web and utilises the internet for something.

    So whereas most of us in this industry trained and learned how to do our job 10+ years ago, the job we’re now required to do is ten times more complex and one hundred times more in-depth. 

    I encourage anyone confused about a quote or an invoice sent to them from their web company to just be open and talk to them – and just remember that you’ll no doubt be contacting them via an email account that they provide to you, on a device that they help you fix when the latest OS update breaks everything.

    So how do we fix this?

    Treat Web Pros With Respect

    A good web design company, a good digital agency, a good digital marketing company… Do you know what the one thing they all have in common regardless of their size, location or niche is?

    They are all Professionals.

    And in the rest of society, when someone is a professional they are paid the wage a professional would expect – and people don’t question it.

    • Do you haggle with your solicitor?
    • Do you shop around for the best deal at a Funeral Home?
    • Do you question invoices sent to you by your Accountant? (OK, well we did use to question our Accountant quite a lot, which is why we now use Kashflow, but that’s another story…)

    Then why do we, as Web Professionals, have to justify to clients why we have charged you for something on an invoice we have sent? We’re not trying to trick you!

    Our time is all we have. We don’t ship pretty boxes, we can’t tie a shiny bow to your new website – it’s data held on a system somewhere. So we MUST charge you for the time we spend, just like a Barman will charge you for all the alcohol you drink, and just like you get charged for all the items you put in your Shopping Trolley at Asda – you will be (or should be) charged for whatever time you use at any Digital Agency, and whereas the DA should explain what they’ve done and why, questioning and haggling with them once they’ve presented you this info is demoralising and belittling. Their time is worth the price they ask you to pay.

    Thanks for reading.

  • John Lewis Supplier/Buyer Phishing Scam

    Whilst catching up with emails one morning, I spotted what looked like an enquiry appearing in my inbox. I opened it, and straight away my alarm bells were ringing! It was a John Lewis Scam!

    It was addressed to me (not personally, but in a generic fashion) and claimed to be from Gabriel Jude, who worked in the purchasing department at John Lewis. It looked reasonably legit; the email wasn’t from some crazy @yahoo.co.in address or anything like that, in fact they registered the domain;

    www.JohnLewisStores.uk & he had gabrieljude@johnlewisstores.uk.

    Easy to trick someone not in the know, as a lot of internal/company emails don’t use the domain the main corporate website is on.

    Amazingly, I had another email almost identical to the first but from Robert Collins, also in the Purchasing Department in John Lewis (apparently) except this email was from robertcollins@johnlewisstores.co.uk, not just .uk.

    I guess it’s the same people but I must be on multiple lists? Either way I’ve replied, let’s see if they get back to me 🙂

    Email 1;

    from: Gabriel Jude <gabrieljude@johnlewisstores.uk>
    reply-to: Gabriel Jude <gabrieljude@johnlewisstores.uk>

    Compliment of the Seasons.

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Gabriel Jude.
    Purchasing Department.

    www.johnlewis.com

    Email 2;

    from: robertcollins@johnlewisstores.co.uk
    reply-to: robertcollins@johnlewisstores.co.uk

    Hi,

    John Lewis Plc is a UK Wholeseller and retailer shop. We are looking for new products to buy, create new partnership with companies dealing with different products.

    Could you please send us your catalog through e-mail to learn more about your products and wholesale quote.
    We hope to be able to order with you and start a long-term friendly and solid business partnership.Our Payment Terms is within 15 days as we operate with all our suppliers .

    Waiting for your response.

    Robert Collins.
    Purchasing Department.

    www.johnlewis.com

    As you can see, practically the same even with the same typos.
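    As an added example (not something from the original post), here is a small Python check for exactly this trick: it flags a message whose signature cites a brand website while the From: address sits on a different registration that merely contains the brand name (johnlewisstores.uk and johnlewisstores.co.uk versus johnlewis.com). The inputs are trimmed versions of the two emails quoted above plus a constructed genuine-looking contrast message; the two-part TLD list and the sender address in the contrast case are assumptions.

```python
# Added example, not from the post: lookalike-sender check run over the two
# quoted scam emails. A finding means the body cites a brand domain whose
# brand label is embedded in a different, sender-side registration.
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the quoted messages, trimmed to From: header and signature.
EMAIL_1 = """From: Gabriel Jude <gabrieljude@johnlewisstores.uk>

Gabriel Jude.
www.johnlewis.com
"""
EMAIL_2 = """From: robertcollins@johnlewisstores.co.uk

Robert Collins.
www.johnlewis.com
"""
# Contrast case (constructed): the sender really is on the cited brand domain.
EMAIL_OK = """From: buyer@johnlewis.com

Thanks, catalogue received.
www.johnlewis.com
"""

TWO_PART_TLDS = {"co.uk", "org.uk", "ac.uk", "gov.uk", "com.au"}  # assumed, not exhaustive
DOMAIN_RE = re.compile(r"(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")


def registrable(host: str) -> str:
    """Strip subdomains: mail.johnlewis.co.uk -> johnlewis.co.uk."""
    parts = host.lower().split(".")
    n = 3 if ".".join(parts[-2:]) in TWO_PART_TLDS else 2
    return ".".join(parts[-n:])


def lookalike_findings(raw: str) -> list:
    """Sorted (sender_domain, cited_domain) pairs for lookalike senders."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not sender:
        return []
    sender_reg = registrable(sender)
    findings = set()
    for cited in DOMAIN_RE.findall(msg.get_payload().lower()):
        cited_reg = registrable(cited)
        brand = cited_reg.split(".")[0]  # "johnlewis" from johnlewis.com
        if cited_reg != sender_reg and brand in sender_reg.split(".")[0]:
            findings.add((sender_reg, cited_reg))
    return sorted(findings)
```

Treat a finding as a prompt to verify the sender through the brand’s published contact details, not as proof on its own, since some companies do legitimately mail from a second domain.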

    A quick google of some of the key info and it seems it’s been going on a while with varying domains and varying success;

    • Different domain, same issue: https://www.thebrokersite.com/news.php?a=584
    • Different domain(s) same issue: https://www.thebrokersite.com/news.php?a=635
    • Same scam, different email wording: https://lkml.org/lkml/2018/5/8/960
    • Times article about someone they scammed: https://www.thetimes.co.uk/article/crooks-posing-as-john-lewis-reps-steal-prams-worth-200-000-pwh00kdr5

    Remember, if it’s too good to be true, it’s probably a scam.