Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 05, 2016, 02:39:39 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: MySQL hacked  (Read 2800 times)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
MySQL hacked
« on: May 20, 2013, 03:36:39 AM »
Yesterday my server was hacked.

The behaviour was malicious and basically went through every database on the MySQL server and changed all user names to admin and all passwords to a single password.

This must have happened via the MySQL server directly because it affected all databases on the server for all client accounts.

As far as I can see no other damage was done.

Does anyone have any idea how this could have happened and how to prevent future attacks?

Currently a backup is being restored from before the incident but I don't want to have to go through this again if I can avoid it.

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 2,779
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #1 on: May 20, 2013, 03:41:56 AM »
Someone ran an 'update' query, but forgot the where clause? Or a buggy script?

Yeah, I'm an optimist  ;D

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #2 on: May 20, 2013, 03:59:10 AM »
I know it seems an odd thing to do deliberately??

I could understand websites being defaced or other malicious things to do - this just seems strange.

To the best of my knowledge no one has done any many SQL queries and all the databases are separated by user under CPanel and each has its own single user and unique strong password so how could a rogue script on  one user account affect the databases on all user accounts?

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #3 on: May 20, 2013, 08:40:13 PM »
  Yep, could have been the server admin ran a buggy script to make changes or update the server files.  Or even perhaps the server admin typed in a wrong command or a command he/she shouldn't have.  You would think that if it was with malicious intent, your database would have been trashed, unless someone just wanted a copy of all the users data.  You should contact the server admin and ask what's happening, just in case....

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #4 on: May 21, 2013, 02:29:46 AM »
I have - but a lot more malicious activity has occurred since.

FWIW I have lost total confidence in nativespace.co.uk - I have been using them for a number of years and am paying a premium price because they are doing daily backups offsite. Now turns out they take the money and don't do the backups.

Up shit creek in a big way.

Tinman57

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,702
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #5 on: May 21, 2013, 05:46:45 PM »
I have - but a lot more malicious activity has occurred since.

FWIW I have lost total confidence in nativespace.co.uk - I have been using them for a number of years and am paying a premium price because they are doing daily backups offsite. Now turns out they take the money and don't do the backups.

Up shit creek in a big way.

This site may be of some help:


Quote
Additional resources: hacked sites
We understand that having your site hacked is extremely frustrating, and that the cleanup process can be difficult. Fortunately, there are a number of great articles, blogs, tools, and companies that can help you restore and secure your site. For the record, StopBadware does not curate or maintain these resources.

https://www.stopbadw...cked-sites-resources

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,406
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: MySQL hacked
« Reply #6 on: May 21, 2013, 06:03:45 PM »
I'm so sorry to hear of your site trouble carol -- it could happen to anyone.  Try to stay calm and just do what you can do.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #7 on: May 21, 2013, 06:33:06 PM »
Thanks - getting there slowly.

Not helped by the data centre not maintaining backups as promised.

Today they restored a backup from 2012!!! Then, having spent half the afternoon working on it, they suddenly restored all the corrupted websites again undoing everything I had achieved (well mostly as I was backing up as I went along).

Why does this sort of crap give script kiddies such a thrill - it isn't even as if they see me squirm! Bastards should be castrated!

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,879
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #8 on: May 21, 2013, 06:36:05 PM »
Not sure if mentioned already-  or if you want to - but I would be curious which host this is?


Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #9 on: May 21, 2013, 06:43:12 PM »
A VPS on nativespace.co.uk

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,879
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #10 on: May 21, 2013, 06:50:56 PM »
Thanks.

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #11 on: May 21, 2013, 08:04:27 PM »
To be fair the hacking isn't their fault - part of it rests with me as I still have some websites using Joomla 1.5 because extensions I used are not available for 2.5 or 3 or it is going to be a massive undertaking to upgrade them because of built in forums or shopping carts and the site owners don't want to pay me to maintain or upgrade their website. I can't really afford to upgrade those sites gratis as it is going to be a lot of hours of work. As it stands I am going to make it clear that I have a clean copy as of today and if there is a problem in the future that is the site that will be put back if they don't want my support - alternatively they can make their own backups and then the ball is in their court!

To be honest I think the simplest solution is to move those sites to individual hosting solutions off my VPS and let them deal with the headaches rather than have them let hacking issues affect the whole server.

barney

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 1,282
    • View Profile
    • Donate to Member
Re: MySQL hacked
« Reply #12 on: May 22, 2013, 12:58:50 AM »
To be honest I think the simplest solution is to move those sites to individual hosting solutions off my VPS and let them deal with the headaches rather than have them let hacking issues affect the whole server.

'Twould seem that to be the most efficacious solution in the future ... albeit not a resolution, per se, for the current situation.  Although, I am confused ... do those clients expect you to protect them from every little foible?  Or is that a thing you're contracted to do?  If the latter, you might want to reexamine your current business plan.    (Been there, to a lesser extent, and got savaged due to lack of real and proper planning upon my part.)

Carol Haynes

  • Waffles for England (patent pending)
  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 7,986
    • View Profile
    • Dales Computer Services
    • Donate to Member
Re: MySQL hacked
« Reply #13 on: May 22, 2013, 01:31:44 AM »
I offer clients ongoing support - which includes website updates and backups but some decline to take it. At the moment I am sorting things out for everyone as a goodwill gesture but I don't want to have to go through all this again so I need to make it clear to people who don't want my support what the future consequences are.