Knowledgebase

Portal Home > Knowledgebase > Articles Database > Mysql Hack


Mysql Hack




Posted by aryafar, 09-08-2009, 11:22 AM
A hacker can view all database (mysql) information on my server. So, he can give access and deface all databases. Where is issue? my server is whm/cpanel.
Posted by eth10, 09-08-2009, 11:28 AM
change all your password WHM.CPANEL ,EMAIL,FTP. use openssl tool to generate password or create a strong password. This can happen only when passwords are cracked.
Posted by gilbert, 09-08-2009, 11:31 AM
If you got a long favorite phrase that's easy for you to remember and type. Sometimes these make the hardest passwords to crack cause you remember it so easily and they are so many characters.
Posted by aryafar, 09-08-2009, 11:35 AM
Thank you very much. Its not cracked/hacked password issue. Because all passwords changed daily, also all password is 88 character (symbol, number inclded)
Posted by prashant1979, 09-08-2009, 11:56 AM
There is a chance of SQL injection. If your code is not secure enough, a hacker can use the SQL injection technique and get your Database user name and password and use it to deface the website and make changes in the records.
Posted by aryafar, 09-08-2009, 11:59 AM
How can check it?
Posted by Tom,, 09-08-2009, 12:04 PM
Until you get it fixed I would recommend you ssh Then get someone to check your site out
Posted by prashant1979, 09-08-2009, 12:05 PM
There are a few applications available which will scan your website to find out if it is vulnerable to different kinds of web attacks. One of them is Accunetix. You can try the trial version which allows up to 5 websites to be scanned. Also, install Mod Security in the server which will help to block a few if not all attacks. You can check the Mod Security logs to find out if the website is being attacked.
Posted by aryafar, 09-08-2009, 12:07 PM
Yes, i know. Bt hacker can view all database, all database of all hosted site on server. Its not an issue just for a site.
Posted by prashant1979, 09-08-2009, 12:11 PM
Can he view only the databases or the other data too? Check your MySQL root password and modify it at once. Also make sure you don't have port 3306 open to outside network. Scan the entire server with any antirootkit or antivirus like clamav.
Posted by Tom,, 09-08-2009, 12:12 PM
Get a server management company to look at your server and sort it out! Like I said earlier until then SSH the command... service mysqld stop That will shut down your mysql server so he/she/they/it won’t be able to view your databases
Posted by aryafar, 09-08-2009, 12:14 PM
Thank you so much. Do you know any great support company?
Posted by Tom,, 09-08-2009, 12:21 PM
Try this company
Posted by prashant1979, 09-08-2009, 12:31 PM
You can also try http://www.configserver.com/cp/cpanel.html
Posted by Tom,, 09-08-2009, 12:33 PM
CSF is good!
Posted by nomankhn, 09-08-2009, 02:59 PM
If you daily change passwords and he/she can still view database, how you are sure some one is accessing your database, because this 88 character password is not easy thing, are you using any antivirus that will scan your web directories ?
Posted by Kusai, 09-09-2009, 12:42 AM
I have seen and experienced this, besides the password being changed and all measures taken, hacker are able to view and manipulate the database. Not sure but there is a big loophole in mysql which exploits. We have a couple of customer using windows servers for calling card "voip" business, and their all calling card info are stored on mysql, their server was compromised and the hacker was able to refill calling cards and keep using it despite all passwords being changed on hourly basis, there was no other option left except taking the server down.
Posted by DJMizt73, 09-09-2009, 05:25 AM
netstat to make sure you dont have any mysql ports open to the world - on a LAMP you should use sockets (unless of course u have a seperate DB server the something like openssl on your network port should be implemented) also check the users in your mysql for privileges. Sometimes people just get lazy and grant all privileges with simple mysql passwords.
Posted by javierfa, 09-09-2009, 09:44 AM
Analyze the querys to the database to view sql injections


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
What is InterlockedIncrement? (Views: 508)
IP not blacklisted but email go to spam folder! (Views: 496)
Switching resellers (Views: 482)
not permitted to relay? (Views: 493)
Help with Virtual Hosting (Views: 495)

Language: