Main Area and Open Discussion > Living Room
MySQL hacked
Carol Haynes:
Yesterday my server was hacked.
The behaviour was malicious and basically went through every database on the MySQL server and changed all user names to admin and all passwords to a single password.
This must have happened via the MySQL server directly because it affected all databases on the server for all client accounts.
As far as I can see no other damage was done.
Does anyone have any idea how this could have happened and how to prevent future attacks?
Currently a backup is being restored from before the incident but I don't want to have to go through this again if I can avoid it.
Ath:
Someone ran an 'update' query, but forgot the where clause? Or a buggy script?
Yeah, I'm an optimist ;D
Carol Haynes:
I know it seems an odd thing to do deliberately??
I could understand websites being defaced or other malicious things to do - this just seems strange.
To the best of my knowledge no one has done any many SQL queries and all the databases are separated by user under CPanel and each has its own single user and unique strong password so how could a rogue script on one user account affect the databases on all user accounts?
Tinman57:
Yep, could have been the server admin ran a buggy script to make changes or update the server files. Or even perhaps the server admin typed in a wrong command or a command he/she shouldn't have. You would think that if it was with malicious intent, your database would have been trashed, unless someone just wanted a copy of all the users data. You should contact the server admin and ask what's happening, just in case....
Carol Haynes:
I have - but a lot more malicious activity has occurred since.
FWIW I have lost total confidence in nativespace.co.uk - I have been using them for a number of years and am paying a premium price because they are doing daily backups offsite. Now turns out they take the money and don't do the backups.
Up shit creek in a big way.
Navigation
[0] Message Index
[#] Next page
Go to full version