Merlin wrote:

I am running a medium size php/mysql website. In the last days I recieved more and more mysql errors due to url tempering. Now my website went down for at least 5 minutes, or more detailed the database server mysql 3.x went down. In the apache logs I found requests like
"connection:close" comming from unspecified clients.

Change your mysql username privileges so that logins can only come from localhost.

Make sure the phpmyadmin conf file isn't visible to outsiders - it has
your mysql database passwords in it.

Consider using deparate usernames/passwords for each mysql database,
so that if a password becomes known, only one database is open to attack.

Make sure you have no usernames/passwords visible in plain text form in
any world-readable files. Assuming that hackers aren't able to access
known usernames/passwords, they may use brute force attacks to guess
user/password combinations, so make sure your usernames aren't obvious
and that your passwords are strong (ie, not words from a dictionary, combination of numbers and letters, uppercase/lowercase, etc.).


My understanding (limited) is that connections closing isn't necessarily
a sign of illicit behaviour, depending on which log file they're in and
the context of their appearance.

If you think you're a target, change all your passwords (in case they
are known) and tighten your security.

Peter.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to