Tag Archives: PuTTY

Custom themes for PuTTY

This post has sat in my draft folder for more than 5 years. I was doing some cleaning and found that I didn’t publish this post and since it is still relevant I thought of pushing the publish button.

Being a web developer, most of the time I would be staring at PuTTY. I got sick of the default bright colours of PuTTY and was searching for ways to customize the display of my PuTTY window.

After some research, I found pre-packaged custom themes for PuTTY created by Ilya Grigorik. These themes are available as .reg files. You can directly download and use them or if you want, you can further customize them for your needs.

Below is the screenshot of the different themes that are available.

putty-terminals

Wow! now my eyes have something pleasant to stare at, most of the times 😉

Posted in Unix/Server Stuff, Web Programming | Tagged , , | Leave a comment

Protect your phpMyAdmin folder, or …

… you are asking for trouble. I learned this valuable lesson past weekend. You need to protect your phpMyAdmin folder from outside world or you are asking for trouble.

I went to a conference about security called Hackintosh, where we had a competitive event called ‘Capture the Flag’. The event was structured like a game and consisted of 10 different levels. At each level, you have to solve a problem by hacking into a sample application using some vulnerability. Each level had problems in increasing order of complexity and most of them were very interesting.

After about 4 levels, I found out that the phpMyAdmin folder of the server, in which the event site was hosted, was public. I logged into the database (it didn’t asked me for the password) and updated the level column corresponding to my username row to 10. That’s it, I conquered the flag. In the end, I ended up hacking the Hackintosh 😉

Jokes apart, the valuable lesson I learned from this event is that you should never leave the phpMyAdmin folder (if installed) open. You can do the following instead.

  • Totally get away with phpMyAdmin and connect to the database using port forwarding in PuTTY.
  • If you cannot get away with phpMyAdmin, then at least password protect the folder and database access.
  • If you cannot password protect the folder at least rename it. (Not recommended at all)

So do you still have your phpMyAdmin folder open? 🙂

Posted in Events/Conferences, Security | Tagged , , | 8 Comments

Accessing MySQL safely using port forwarding with PuTTY

During my days with dreamhost, in order to access MySQL from my local machine, I used to add my ip to the allowed host list. Even though security is compromised here, I really liked to use HeidiSQL for accessing MySQL database server instead of the built in MySQL console. But after my move to SliceHost, I found a little trick using which I can continue to use HeidiSQL from my local machine without adding my ip to the allowed host list.

This nice little trick is called port forwarding. Let me show you how I configured PuTTY so as to enable port forwarding.
First install MySQL and then configure SSH to use key based authentication and change the default port by following the articles at Slicehost. After installing MySQL and configuring SSH, download and install PuTTY from its download page. I recommend you to download the zip file containing all the files.

Then create a new session in PuTTY by entering the ip address and also the port. Then choose Connection -> SSH -> Tunnels. In the source port field enter a valid port number like 8600. In the destination field enter the value 127.0.0.1:3306. 3306 is the default port in which MySQL runs. The reason why I asked you to enter a different port in the source is that, in future if you run a MySQL server in your local machine for testing, it will clash with your port forwarding. Click the Add button and then start the session. Don’t forget to save the session.

PuTTY

Now open your favourite MySQL GUI client. Mine is HeidiSQL. In the connection settings, enter 127.0.0.1 as the Hostname and enter the port which you specified in the source field in PuTTY (8600) as port. Also enter your username, password, default database name and the click connect.

PuTTY

Now the request which goes to port 8600 of your local machine is forwarded to port 3600 of your MySQL server by PuTTY and you can safely use a GUI client for MySQL without adding any ip to the allowed host list. Note that it will work only when PuTTY is having the session opened.

I hope this is of help to you and let me know how it is working for you. Happy PuTTYing 😉

Posted in Database Programming, Unix/Server Stuff | Tagged , , , , , | 7 Comments