I have noticed that there are strange requests to my website trying to find phpmyadmin, like
Alias /phpmyadmin /usr/share/phpmyadmin
Alias /secret /usr/share/phpmyadmin
The biggest threat is that an attacker could leverage a vulnerability such as directory traversal, or use SQL injection to call load_file(), to read the plain-text username/password in the configuration file and then log in using phpmyadmin or over TCP port 3306. As a pentester I have used this attack pattern to compromise a system.
Here is a great way to lock down phpmyadmin:
file_priv permissions from every account.
file_priv is one of the most dangerous privileges in MySQL because it allows an attacker to read files or upload a backdoor.
Order deny,allow
Deny from all
allow from 188.8.131.52
Do not have a predictable file location like http://127.0.0.1/phpmyadmin. Vulnerability scanners like Nessus/Nikto/Acunetix/w3af will scan for this.
Firewall off tcp port 3306 so that it cannot be accessed by an attacker.
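
An added example, not part of the original answer: a small Python check that audits Apache configuration text for the two web-server points above, a guessable Alias onto the phpMyAdmin directory and a missing or ineffective Deny/Allow allowlist. The list of guessable paths, the sample configurations and the 203.0.113.10 address are constructed assumptions, and only the Apache 2.2-style syntax shown in the answer is parsed.

```python
import re

# Assumption: URL paths treated as guessable; this list is not from the page.
PREDICTABLE = {"/phpmyadmin", "/pma", "/myadmin", "/mysqladmin", "/dbadmin"}
PMA_DIR = "/usr/share/phpmyadmin"  # install path used in the Alias lines above

# Constructed sample inputs.
WEAK_CONF = """Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
    Options FollowSymLinks
</Directory>
"""
HARD_CONF = "Alias /secret /usr/share/phpmyadmin\n"
HARD_HTACCESS = "Order deny,allow\nDeny from all\nAllow from 203.0.113.10\n"

def _directives(text, name):
    """Whitespace-normalised arguments of each uncommented `name` directive."""
    pat = r"^[ \t]*%s[ \t]+(.+?)[ \t]*$" % name
    return [" ".join(m.split()) for m in re.findall(pat, text, re.I | re.M)]

def audit(conf, htaccess=""):
    """Return a list of findings about phpMyAdmin exposure."""
    findings = []
    for args in _directives(conf, "Alias"):
        parts = args.split()
        if len(parts) == 2 and parts[1].rstrip("/") == PMA_DIR:
            if parts[0].rstrip("/").lower() in PREDICTABLE:
                findings.append("predictable alias " + parts[0])
    # Access rules may sit in a <Directory> block or in the directory's .htaccess.
    block = re.search(r"<Directory\s+\"?%s/?\"?\s*>(.*?)</Directory>"
                      % re.escape(PMA_DIR), conf, re.I | re.S)
    acl = (block.group(1) if block else "") + "\n" + htaccess
    order = [o.lower() for o in _directives(acl, "Order")]
    denies = [d.lower() for d in _directives(acl, "Deny")]
    allows = [a.lower() for a in _directives(acl, "Allow")]
    if "from all" not in denies:
        findings.append("missing 'Deny from all'")
    elif order and order[-1] != "deny,allow":
        # Under 'Order allow,deny' the Deny is applied last, so nobody gets in.
        findings.append("Order is not deny,allow")
    if "from all" in allows:
        findings.append("'Allow from all' defeats the allowlist")
    elif not allows:
        findings.append("no 'Allow from <ip>' entry")
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONF))
    print(audit(HARD_CONF, HARD_HTACCESS))
```

On Apache 2.4 these directives are provided by mod_access_compat; the native equivalent is a `Require ip` rule, which this check does not parse.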