4

My MySQL database has been getting hacked, and I cannot find the loophole. I have solid protection in PHP to prevent against injection and the hacker himself has communicated with me and says he is not hacking by means of injection.

Without injection, what other ways could I be getting hacked? I know he doesn't know my database password, I am not getting DDoS attacked, and there is no personal info on my site a hacker would want, so I think the hacker is telling the truth.

So how can a MySQL database be tampered with without injection?

  • 3
    `and the hacker himself has communicated with me and says he is not hacking by means of injection.` Uhuh. I know that when **I** commit crimes, I take special care to be completely honest with the victims. – HopelessN00b Dec 12 '14 at 20:55
  • 1
    "I have solid protection in PHP to prevent against injection" Meaning what? Are you using prepared statements everywhere? – ceejayoz Dec 12 '14 at 21:17

1 Answer

5

A MySQL server can only be accessed through a listener. Possible access means:

  • Getting an actual shell on the server.
    • Make sure your SSH configuration and all of the accounts that can SSH in are secure. Check `last` for suspicious logins.
  • An internet exposed database listener.
    • Your MySQL configuration should never have its 3306 listener exposed to the public. Check how it's listening - if it's publicly exposed, it's easy to attack (and it's had serious authentication bugs in the past).
  • Other things that can get to listeners.
    • phpMyAdmin?
  • SQL injection.
    • Parameterize every single user input.

If you still can't track it down, start logging all login sessions and queries. If you can't track down the access method, then you should probably just assume the attacker has root access on your system, blow it up and start over: How do I deal with a compromised server?

Shane Madden
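The listener check described in the answer above, as an added example that is not part of the original answer: it reads `ss -H -tln` style output and prints every MySQL listener bound to something other than loopback. The function name `exposed_listeners` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MySQL listeners that are reachable from beyond loopback.
# Input format: `ss -H -tln` lines (State Recv-Q Send-Q Local:Port Peer:Port).

# Constructed sample output, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3307 0.0.0.0:*
LISTEN 0 128 [::1]:3306 [::]:*'

# Read ss output on stdin; print local addresses listening on the given
# port (default 3306) that are not loopback-only.
exposed_listeners() {
    port="${1:-3306}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4
            # The port is whatever follows the last colon (works for IPv6 too).
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            # Loopback binds are only reachable from the machine itself.
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
        }'
}

# Demonstration on the constructed sample; prints 0.0.0.0:3306.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3306

# On a live Linux host, feed it real data instead:
#   ss -H -tln | exposed_listeners 3306
```

Any output means the port is bound to a non-loopback address; setting `bind-address = 127.0.0.1` in the MySQL configuration or firewalling the port closes that path.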