  1. #1
    SitePoint Evangelist (skyraider)

    Site hacked & DB deleted. Security issue with phpmyadmin?

    Hey,

    My host is running phpmyadmin 2.0.6. Apparently, someone logged into my website and got the phpmyadmin user and pass and dropped the DB and deleted some hosting details. This is weird... last night, I changed the password, and this happened after that. Any ideas on what I can do to make sure this doesn't happen again?

    Thanks.

  2. #2
    HarryR (SitePoint Wizard)
    Well, you're asking a never-ending question... There is literally loads of stuff you can do to make sure the chance of this happening again is lower (you can never say 'I am 100% secure' because there is always at least one attack vector).

    Generally I'll give you a couple of tips that will help more in future:
    • Use separate passwords for your MySQL account and hosting/FTP account (and make sure it's not one you commonly use).
    • Stay up to date with security information about any applications you're running on your website (go to securityfocus.com and subscribe to the lists that you think are appropriate, but be warned - some are fairly high traffic).
    • Make sure any administrative sections on your website are password protected (using for example an .htaccess/.htpasswd combination, so even if an admin application you were running was vulnerable to some sort of attack, they'd have to authenticate first). And again, don't use the same password as your main account.
    • Make sure there are no files on your site that are readable (e.g. config.inc, config.ini or silly mistakes like that).

    Anyway, that's enough for you to chew on for now, but if you wanted to go that step further you could set up something like devialog to analyse your logfiles and email you about suspicious activity... but that's for another day.

    Regards,
    Harry

  3. #3
    Mike (Genius)
    Are you on a shared server or do you run your own dedicated?

    If you're on a shared server, your host should be patching all server software. I'd look at any scripts you have and make sure you aren't a victim of MySQL injection attacks.
    Mike
    It's not who I am underneath, but what I do that defines me.

  4. #4
    SitePoint Evangelist (skyraider)
    Mike, this is probably a really, really dumb question, but what's a MySQL injection attack (in simple terms, please)?

    I'm on a shared server, and all the MySQL DBs on the server just got deleted... so I'm moving to A Small Orange (asmallorange.com); their servers are simply better and they are not a one-person hosting company (FastArcade, luckily, was the only site on that small company's server).

    Harry: My passwords are completely random and I do use different ones for different things. Thanks for the security link & very helpful tips... rep point donated

  5. #5
    ldivinag (SitePoint Evangelist)
    Quote Originally Posted by skyraider
    Mike, this is probably a really, really dumb question, but what's a MySQL injection attack (in simple terms, please)?
    Plain and simple: the malicious user will add something at, say, a login screen:

    username: joe_blow

    (we assume no password but you get the idea)

    so the SQL statement will be like

    SELECT * from usertable where username = $username

    which in turn will become

    SELECT * from usertable where username = "joe_blow"

    anyways, the bad dude will log in with

    username: 'joe_blow OR username = root'

    so the SQL statement becomes

    SELECT * from usertable where username = "'joe_blow OR username = root'"

    that's how the recent phpBB hack was done, IIRC.

    Granted, most are more complicated than the above.

    So the thing you have to do is validate the INPUTs before you jam them into a MySQL query. And I mean wring the data through all sorts of functions from whatever language you are using to strip out all sorts of crap.

    In the example above, for example, you may wanna limit the $username variable to like 10 characters, which is the limit of your app's username...
    leo d.

  6. #6
    bigduke (get into it!)
    leo, if the PHP were installed right, an SQL injection attack like that one never works. I've tried every combination possible but it just wouldn't work, thanks to our magic quotes.

    skyraider, you said something about hosting details being deleted, I suspect this to be a malicious 'internal agent' i.e. someone with superuser access who did this. I have no idea how you would tackle such a problem.

    Other security aspects have already been mentioned.
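The login query that posts #5 and #6 argue about, worked through in runnable form. This is an added example, not code from the thread or from phpBB; it uses an in-memory SQLite database with constructed sample users, a hypothetical 10-character username rule standing in for "the limit of your app's username", and SQLite's quote-doubling in place of MySQL's backslash escaping. It shows three things: the pasted-in query from post #5 lets a crafted username log in without a password; the quote-escaping that magic quotes provides (post #6) does stop that particular string; and the same escaping does nothing for a value used in a numeric context, which is why parameter binding, not escaping, is the fix.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from the original thread).
SAMPLE_USERS = [
    ("root", "s3cret-root", 1),
    ("joe_blow", "joepass", 0),
]

# Hypothetical application rule: usernames are 1-10 characters of [A-Za-z0-9_].
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,10}$")


def make_db():
    """Build an in-memory SQLite database with a 'usertable' like the one in post #5."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE usertable (id INTEGER PRIMARY KEY, username TEXT, password TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO usertable (username, password, is_admin) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def escape_quotes(value):
    """Neutralise the quote character, which is all magic_quotes/addslashes does.
    SQLite escapes a single quote by doubling it; MySQL uses a backslash instead,
    but the effect on the attacks below is the same."""
    return str(value).replace("'", "''")


def login_vulnerable(conn, username, password):
    """The pattern from post #5: user input pasted straight into the SQL string."""
    sql = f"SELECT id FROM usertable WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_escaped(conn, username, password):
    """Same query with quotes escaped, i.e. what magic quotes would have done for you."""
    sql = (
        f"SELECT id FROM usertable WHERE username = '{escape_quotes(username)}'"
        f" AND password = '{escape_quotes(password)}'"
    )
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """The fix: bind values as parameters so they are never parsed as SQL."""
    sql = "SELECT id FROM usertable WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def users_by_id_escaped(conn, user_id):
    """Numeric context: escaping quotes does nothing, there are no quotes to break out of."""
    sql = f"SELECT username FROM usertable WHERE id = {escape_quotes(user_id)}"
    return [row[0] for row in conn.execute(sql)]


def users_by_id_parameterized(conn, user_id):
    """Same lookup with a bound parameter; a non-numeric string simply matches nothing."""
    sql = "SELECT username FROM usertable WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def valid_username(username):
    """Input validation as defence in depth (post #5's length limit), on top of binding."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"  # closes the quote, adds a tautology, comments out the password check
    print("vulnerable login:", login_vulnerable(db, payload, "x"))          # True
    print("escaped login:   ", login_escaped(db, payload, "x"))             # False
    print("bound login:     ", login_parameterized(db, payload, "x"))       # False
    print("numeric, escaped:", users_by_id_escaped(db, "1 OR 1=1"))         # ['root', 'joe_blow']
    print("numeric, bound:  ", users_by_id_parameterized(db, "1 OR 1=1"))   # []
    print("valid_username:  ", valid_username(payload))                     # False
```

The numeric case is the one magic quotes never covered: `WHERE id = 1 OR 1=1` contains no quote to escape, so every row comes back. Parameter binding removes the whole class of problem because the database never sees the value as part of the statement text; the validation function is there only to reject junk early, not to replace binding.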

