My testing database has been hacked. I am pretty sure it's hacked by an easily guessed test use admin credential.
After reading How do I deal with a compromised server? I've got an idea of what to do, but the problem is how to do it. I have tried looking to see what queries the hacker had used but since the general_log was turned off there isn't a log to see.
So far what I did is remove all unused accounts, set port access on AWS to my computer only.
What/and how could I do to make sure that I didn't leave any vulnerability open for the hacker to use? Also how do I ensure I removed everything the hacker has done without having a log?
