“We had reluctantly provided access to phpmyadmin to the appdb developers (it is a very handy tool, and something they very much wanted). But it is a prime target for hackers, and apparently our best efforts at obscuring it and patching it were not sufficient.”
Why “software developers” would need direct access to the databases via phpMyAdmin is bizarre. It is a general-purpose administration tool, not something designed to securely expose data to the web. The specific data the developers need could be served by a purpose-built web application. Modularity is key: a breach of one component then does not bring the whole house down.
From phpMyAdmin.net: “phpMyAdmin is a free software tool written in PHP intended to handle the administration of MySQL over the World Wide Web. phpMyAdmin supports a wide range of operations with MySQL. The most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions, etc), while you still have the ability to directly execute any SQL statement.”
That may be fine for low-value data, but it only takes one compromised password to dump everything. That is weak. Further, the complexity of phpMyAdmin (feature bloat rather than necessity) exposes it to a myriad of attacks, e.g. this cascade.
There are many ways that phpMyAdmin can be used securely if access is restricted to a particular user, the administrator, but phpMyAdmin should not be depended upon to secure itself. History shows that repeatedly. One could use OpenSSH to give a remote system administrator secure access through a session run on the server, for instance. And OpenSSH can be secured even further than its already good default level by moving it off the standard port, port knocking, etc. What were they thinking? FLOSS gave them the tools to secure their system and they ignored them. There are thousands of sites on the web running phpMyAdmin, often older versions, and some of them running as root without a password…
phpMyAdmin is a useful tool, but it was clearly the wrong tool for the job they gave it. Unfortunately there are still thousands of sites running phpMyAdmin as root, and Google can find them. Most of these should be restricted to “localhost” or the local LAN.
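As an added example (not code from the original post or from the phpMyAdmin project), the shell script below shows the weak Apache 2.4 setting that exposes phpMyAdmin to the whole web beside the hardened form restricted to localhost and a LAN range, and an audit function that reports which of the two a configuration contains. The install path /usr/share/phpmyadmin, the LAN range 192.168.1.0/24 and the ssh tunnel port are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample config with the weak setting: phpMyAdmin reachable from anywhere.
WEAK_CONF=$(cat <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Require all granted
</Directory>
EOF
)

# Hardened form: reachable only from localhost and the admin LAN (assumed range).
# A remote administrator reaches it over OpenSSH instead, e.g.
#   ssh -L 8080:127.0.0.1:80 admin@server   then browse http://localhost:8080/phpmyadmin
HARDENED_CONF=$(cat <<'EOF'
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Require ip 127.0.0.1 ::1 192.168.1.0/24
</Directory>
EOF
)

# pma_exposure CONFIG_TEXT
# Prints "open" if the phpMyAdmin <Directory> block grants access to all,
# "restricted" if it limits access by IP, "none" if no such block exists.
pma_exposure() {
    printf '%s\n' "$1" | awk '
        /<Directory/ && /phpmyadmin/   { inblk = 1; next }
        inblk && /<\/Directory>/       { inblk = 0; next }
        inblk && /Require all granted/ { open = 1 }
        inblk && /Require ip/          { restricted = 1 }
        END {
            if (open) print "open";
            else if (restricted) print "restricted";
            else print "none";
        }'
}

# Audit a real config file: pma_exposure "$(cat /etc/apache2/conf-enabled/phpmyadmin.conf)"
```

Run against the two constructed configs, the function reports "open" for the weak block and "restricted" for the hardened one.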