I discovered Adminer a few years ago, when i found that a site i was doing some testing on was hacked into. After looking around trough the server, i discover that the server itself was not compromised but only the database, and after countless hours of digging trough log files i discovered that the hacker had gained access trough a PHPMyAdmin vulnerability.
I like all the features in PHPMyAdmin unfortunately due to its complexity and its wide usage, there are far more vulnerabilities that get discovered.
I discovered Adminer, which had just the functions that i needed without all of the overhead and with a bit more security.
Note:
Adminer is available for install from Ubuntu Repositories using “sudo apt-get install adminer” but to get the latest features we will install the latest version manually.
This Tutorial should work on Ubuntu 16.04 and 18.04
This tutorial is For Adminer and MYSQL but Adminer also works with the following databases:
- MySQL
- PostgreSQL
- SQLite
- MS SQL
- Oracle
- SimpleDB
- Elasticsearch
- MongoDB
If you have any questions or comments feel free to post them at the bottom i will be glad to help with any issues.
Install
Step 1
Connect to your server as the admin user via SSH or open a command prompt.
ssh [email protected]
Step 2
We need to install apache2 and mysql-server unless you are installing it on an existing web server.
Update and Upgrade the server
sudo apt update && sudo apt upgrade -y
Install Apache, PHP and MYSQL Server and some PHP extensions
sudo apt install apache2 php php-curl php-cli php-mysql php-gd mysql-client mysql-server -y
Secure your MySQL installation and set the root password
sudo mysql_secure_installation
From here, you can just press Y and then ENTER to accept the defaults for all the subsequent questions.
Fix authentication issue caused by Ubuntu using auth_socket plugin by default for the root user.
You can set the root user to use the mysql_native_password instead to fix this issue, and we will have to set the root password again to correct this.
log in as sudo to mysql using the username and password set before.
sudo mysql -u root
in MySQL enter the following
USE mysql;
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Note:
For security make this password different than your server’s password, and dont use the root user in any application that requires a database to store and pull data from.
FLUSH PRIVILEGES;
exit;
Step 3
We download the latest Adminer into our Apache web servers root folder
sudo mkdir /usr/share/adminer
sudo wget "http://www.adminer.org/latest.php" -O /usr/share/adminer/latest.php
sudo ln -s /usr/share/adminer/latest.php /usr/share/adminer/adminer.php
echo "Alias /adminer.php /usr/share/adminer/adminer.php" | sudo tee /etc/apache2/conf-available/adminer.conf
sudo a2enconf adminer.conf
reload the Apache config
sudo systemctl reload apache2
That’s it access the adminer interface at
http:///adminer.php