SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Change your mysql database names and table names to stop your site getting hacked!

    Hi,

    I was just wondering after having my site hosted on a shared web server for sometime, I am now changing it to a new company that offers dedicated hosting.

    We while I am traferring my files over, I started thinking that the old web hosting company most probably has backups of my site and they can easily look at it and see the sites stucture.

    Because of this, I have changed the databases name, but I was wondering that this won't really do anything. So I was then wondering if it would be best to also change the databases tables names aswell just incase they hacked my site or something for moving from them to another company.

    Or should I just change the name of the file that includes the databases connection sql code.

    I will either have to change the file of the connection script or the scripts tables or there could always be a chance of my old hosting company hacking my site.

    I know that they most probably wouldn't hack my site, but you never know these things and it's better to consider these things just incase they did end up hacking my site.

  2. #2
    SitePoint Addict
    Join Date
    Jan 2004
    Location
    New York
    Posts
    254
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your dedicated host can login with the root account, get the files and hack your own site and it won't be the shared host!

    Don't worry about it. All sites have this problem, unless you serve on your own box at home. And even then a buglar can break in and steal your box. A business would never give up their business integrity for something petty like peeping into your database and changing some entries.

  3. #3
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK!

    Thanks!

    Also, I know that the people where I am having the new dedicated server can also hack my work, but I wouldn't think they would because I am a customer of theirs.

    But with my other host, I use to be a customer of theirs but now I am going to not be.

    But as you say, I guess that's life.

  4. #4
    SitePoint Zealot
    Join Date
    Jan 2005
    Posts
    147
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    lol i think your a little paranoid man, i truely don't beleive that a hosting company that would like to remain in biz would be hacking there customers sites or ex-customer sites.

    But in the event that a hacker wants in... they'll get in, i mean some hackers are just unstoppable. They might ave your site structure and even all your code and files on backed up drives. But your on a new host and they would have to manualy hack the site rather then doing it from the "inside". besides why are you so paranoid about your old host? do you beleive that they played a part in the hack of your site? Did you speak with them about it and find out if other sites they host was also hacked? i mean there could be a million reasons why your site was hacked and your nailing your host on it?

    I"ve been through a number of hosts over the years and left on bad terms on one or two of them but nothing ever came about it. Just think though.. if you would have coded with security in mind you might not have been hacked to begin with :P

  5. #5
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, I have never been hack and I don't think I would be hacked at all from my old or new hosts, but when I was tranferring my site over to my dedicated host, it was something that just crossed my mind.

    Also, if you changed your web hosting and didn't change any of the file names, database names, etc. and your old web host has it all then they can hack your site. They don't have to try to get into your new control panel on your new host. All they have to do is write a simple script that would connect to your database and go from there.

  6. #6
    SitePoint Zealot
    Join Date
    Jan 2005
    Posts
    147
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    assuming that the new host allows server to server connections. Many hosts don't allow you to connect to there databases with anything other then localhost. Also i normaly keep a host long enough to finish a project then drop the host. I rotate several different domain names on projects. Each project is assigned a domain name and once i'm done with it gets thrown in the back of the line and the hosting account is dropped. I do use particular hosting companies though.

    I'm not concerned about being hacked, if i am i am there's not much you can do about it after the fact. Other then try and learn from it and make preperations for it in the future.

  7. #7
    SitePoint Wizard
    Join Date
    Nov 2003
    Location
    United Kingdom
    Posts
    2,118
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I didn't actually thing about that some web hosts don't allow you to connect to databases from other IP's/DNS.

  8. #8
    SitePoint Zealot
    Join Date
    Jan 2005
    Posts
    147
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yep they are out there, normaly lower end, wait lets be politicaly correct "budget" hosting companies. But i understand what your saying and you have a valid issue. Content is cash and the loss of content is as good as loosing your wallet on the way home from work on payday.

    So the only things i can suggest is to do what your doing. Change the connection vars and database name. Personaly i wouldn't change the table names unless you have them assigned to variables within an include file somewhere. Otherwise changing the table names would be more work then what it might be worth. when you consider that if they get the connections and connect to the database they can allways query for all the table names to start with.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •