Is your database a shared database?  Permissions might have been set
incorrectly so that you saw them; then someone realized that the
permissions were wrong, changed them, and thus you couldn't see them
anymore.

If the database is a shared system, then you might have just seen a
misconfigured access list.  If it isn't a shared system, then your
instincts are probably correct; however, check with ANYONE who has or might
have access to the database (via the web, via shell, etc) either locally or
remotely and make sure they weren't just messing around with some new
software.

Peter

On Tue, 22 Jul 2003 [EMAIL PROTECTED] wrote:

> I know... live and learn... and learn I have...
> Good advice there...
> We're gonna be moving hosts in a few weeks anyway, to relieve the burden
> on little me in these kinda areas...
>
> Passwords are being changed, and patches are being checked for updates
> etc...
> I have full backups of the site, and most of the databases, so it's not a
> major crisis, but it is a major pain in the arse... I just LOVE data
> entry...! ;-)
>
> I think I've still got a job, so that's good... but I'll listen to the
> advice I've been given today and act on it...
>
> Roll on Friday...
>
> Tris...
>
> Jason Wong <[EMAIL PROTECTED]>
> 22/07/2003 12:52
> Please respond to php-db
>
> Subject: Re: [PHP-DB] Hackers?
>
> On Tuesday 22 July 2003 18:14, [EMAIL PROTECTED] wrote:
> > Now I am not an Apache guru, and my PHP/MySQL experience is all based
> > around the coding side, not the installation, security etc...
> >
> > So when I arrived at work yesterday, and discovered that several databases
> > had been deleted, and a random database called 'sanij' has been created,
> > my gut was to suspect hackers.
> > None of my web site pages are unaffected, and the web site runs just fine,
> > apart from those pages that need a MySQL database for content.
>
> Hmm, you have several databases missing, you suspect hackers, yet you
> continue to run the server so that ...
>
> > This morning I come to work and ALL the databases have been deleted.
> > As I said, I really don't know where to begin looking for evidence of
> > hackers.
>
> ... they can delete ALL your databases?
>
> The golden rule is, at the first sign of any suspicious activity (yes,
> having several databases deleted does count as suspicious activity!), take
> the server off-line, backup all your important data, and investigate.
>
> > While I'm curious to know who did this,
>
> I think a better question to be asking is *how* they did this. Knowing
> that would stand you in good stead to prevent it from happening in the
> future.
>
> Depending on the ability of the 'hacker' the logs may be a source of info.
>
> > I guess my priority is to recover
> > the lost data... is this possible...?
>
> See what you can salvage from the directory where MySQL keeps the
> databases. If there's nothing there then your only salvation is in the
> backups.
>
> > I'm working off a RAQ4, hosted by NetBenefit...
> >
> > Any advice, ideas are gonna be appreciated at this point.
> > I've got backups of a lot of the databases, but several were created in the
> > past few weeks, and I didn't back them up yet...
> > I know I know... stupid man I am, but I'll slap myself later, for now... a
> > solution is required....
>
> 1) The RAQ and its siblings seem to be notoriously insecure. You really
> need to keep up with any new security updates.
>
> 2) A default installation of MySQL is also insecure in that you do not
> need a password to use the root account.
>
> As with all break-ins or suspected break-ins, to be on the safe side you
> should recover any data that you can (making sure that they haven't been
> tainted) then format the hard-disk (or better still, put in a new
> hard-disk, keeping the old one for analysis) and re-install.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *

---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
[EMAIL PROTECTED]                             http://www.purplecow.com/
---------------------------------------------------------------------------

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
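
An added illustration, not part of any message in this thread: if the MySQL general query log was enabled (the thread does not say it was), it can attribute each DROP/CREATE DATABASE statement to the account and host that issued it, which addresses both the "how" question and the question of whether someone with legitimate access was responsible. The log layout, the sample lines and the names `ddl_events` and `accounts_to_review` are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the older MySQL general query log
# (the timestamp is printed only when it changes). Not taken from the thread.
SAMPLE_LOG = """\
030721 22:58:40       3 Connect     webapp@localhost on site
                      3 Query       SELECT id, title FROM news
030721 23:14:02       5 Connect     root@198.51.100.23 on
                      5 Query       SHOW DATABASES
030721 23:14:09       5 Query       DROP DATABASE shop
                      5 Query       DROP DATABASE forum
030721 23:15:30       5 Query       CREATE DATABASE sanij
                      3 Query       UPDATE news SET hits = hits + 1
030721 23:15:31       5 Quit
"""

# Optional timestamp, then thread id, command and argument.
LINE = re.compile(r"^(\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s+(\d+)\s+(\w+)\s*(.*)$")
DDL = re.compile(
    r"^\s*(DROP|CREATE)\s+DATABASE\s+(?:IF\s+(?:NOT\s+)?EXISTS\s+)?`?(\w+)`?", re.I)

def ddl_events(log_text):
    """Return (timestamp, thread_id, account, verb, database) per statement."""
    sessions = {}    # thread id -> user@host taken from its Connect line
    last_ts = None   # carried forward to lines that have no timestamp
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header lines, continuation of multi-line queries
        ts, tid, command, arg = m.groups()
        last_ts = ts or last_ts
        if command == "Connect":
            sessions[tid] = arg.split()[0] if arg else "unknown"
        elif command == "Query":
            d = DDL.match(arg)
            if d:
                events.append((last_ts, tid, sessions.get(tid, "unknown"),
                               d.group(1).upper(), d.group(2)))
    return events

def accounts_to_review(events):
    """Group the DROP/CREATE statements by the account that issued them."""
    by_account = {}
    for _ts, _tid, account, verb, db in events:
        by_account.setdefault(account, []).append(f"{verb} {db}")
    return by_account
```

Run it against a copy of the log taken from the preserved disk rather than on the live server, and compare the reported accounts with the list of people who legitimately have access.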
