-1

Possible Duplicate:
My server's been hacked EMERGENCY

My MySQL database is getting hacked daily.

Hackers are uploading shells and files in others' cPanel to the server, and getting the users and passwords from the database, logging in from web-based MySQL managers, etc.

Is there any way to block localhost login to my database? Or hide the tables? Or any other idea?

yabahot
  • Can you provide some more information about your setup? Are you saying that you are on a shared box and that other local users are using their user@localhost to access your MySQL database? – Tom Apr 22 '12 at 12:38
  • I would post the output of the following commands `select user, host, db from mysql.db\G` and `select Host,Db from mysql.host\G` and `select user, host from mysql.user\G` and look and see which users have '%', localhost or 127.0.0.1 access. – Tom Apr 22 '12 at 12:43
  • You can also use `DROP USER 'jeffrey'@'localhost';` and `DROP USER 'jeffrey';` to remove those instances that have no password set. – Tom Apr 22 '12 at 12:46
  • I bet you're running something written in PHP. Aren't you? Aren't you. – Tom O'Connor Apr 22 '12 at 17:39
  • @TomO'Connor - My guess is `phpmyadmin`. That's a hateful piece of software, especially un-patched. – Mark Henderson Apr 23 '12 at 06:26

2 Answers

6

How about securing your server?

  • Find the reason why they are able to upload shells, then close the hole.
  • How is it possible they are able to access your database? Different users, different passwords. MySQL has a proper role and authentication system; use it.
  • Update everything.
  • Use a firewall/ACL

If you don't understand what I'm talking about, you might consider getting in a consultant to fix these issues for you.

Lucas Kauffman
6

If you absolutely have to expose MySQL to the public network, then you should set a very complex password, and consider using iptables to limit the addresses that can access the service remotely.

However, as a general rule, for whatever reason you want to export MySQL to the network, it is not a good idea. If you are on Linux (or with PuTTY on Windows), you can use SSH and a local port forward to make the remote database appear local to development applications, with a command like `ssh user@remoteserver.com -L 3306:localhost:3306`.

You can use the `show grants for 'user'` command to see which users have access to your database, and which hosts they can connect from. You can also use the following commands (as a starting point) for enumerating the users who can access the server or database, locally or remotely:

    select user, host, db from mysql.db\G
    select Host,Db from mysql.host\G
    select user, host from mysql.user\G

You can also use `DROP USER 'jeffrey'@'localhost';` and `DROP USER 'jeffrey';` to delete the accounts that have been created.

Tom
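The account review described in the answer and comments above, as an added example (not code from either poster): a Python parser for the mysql client's `\G` output that flags anonymous accounts, wildcard hosts and accounts with no password. It assumes the `mysql.user` query was extended with `authentication_string` (the `Password` column on older MySQL versions); the sample output is constructed.

```python
import re

# Row separator printed by the mysql client in vertical (\G) mode.
ROW_MARK = re.compile(r"^\*+ \d+\. row \*+$")

# Constructed sample of:
#   select user, host, authentication_string from mysql.user\G
SAMPLE = """\
*************************** 1. row ***************************
                 user: root
                 host: localhost
authentication_string: *CONSTRUCTED_HASH_PLACEHOLDER
*************************** 2. row ***************************
                 user:
                 host: localhost
authentication_string:
*************************** 3. row ***************************
                 user: jeffrey
                 host: %
authentication_string:
"""

def parse_vertical(text):
    """Parse vertical-mode output into a list of dicts (keys lower-cased)."""
    rows = []
    for line in text.splitlines():
        if ROW_MARK.match(line.strip()):
            rows.append({})
        elif rows and ":" in line:
            # Split on the first colon only, so hosts such as ::1 survive.
            key, _, value = line.partition(":")
            rows[-1][key.strip().lower()] = value.strip()
    return rows

def audit(rows):
    """Return (account, findings) for every account that needs review."""
    report = []
    for r in rows:
        user, host = r.get("user", ""), r.get("host", "")
        findings = []
        if user == "":
            findings.append("anonymous account")
        if "%" in host:
            findings.append("wildcard host")
        # Only judge the password when the column was actually selected.
        if r.get("authentication_string", "set") == "":
            findings.append("no password set")
        if findings:
            report.append((f"'{user}'@'{host}'", findings))
    return report

if __name__ == "__main__":
    for account, findings in audit(parse_vertical(SAMPLE)):
        print(account, "->", ", ".join(findings))
```

An empty credential column can also belong to an account that authenticates through a plugin, so treat the report as a review list and check each entry with `show grants` before dropping anything.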