Protect you database in 10 sec!

[Azi]

Hello I made easy script to protect your database ; )
I make this script for users who don't know how to make database safe or who is lazzy and need to use script for it! Addon script have very easy config. : )

How Script Works?

• Delete unnecessary accounts (in default: root@%, pma@%, pma@localhost) - you can add more (but it's default accounts)
• Change password (auto-generated, hard) for account root@localhost (you can add more accounts, but it's one default)
• Script file auto delete when security changes are done.

How do run Script?

• Make any file (ex. safedb.php) in your htdocs folder
• run this script (ex. http://localhost/safedb.php)
• Save new password for root account (from the display log)

Why it's protect?
Because anyone cannot login to your phpMyAdmin, because default accounts root@% and both PMA acocunts are deleted and in root@localhost you have very hard password.


SCRIPT:

<?PHP
// Make Your Database Safe! //
// Version 2.0 - by Ersiu[Azi] //
$config = array(
    "dbHost" => "localhost",
    "dbUser" => "root",
    "dbPass" => "",
    "deleteUsers" => array(
        array("root", "%"),
        array("pma", "localhost"),
        array("pma", "%"),
    ),
    "changePassword" => array(
        array("root", "localhost", generatePassword()),
    )

);
    error_reporting(0);
    function generatePassword($length=10){
    $chars = array(
        array(48, 57), // numbers
        array(65, 90), // upper case letters
        array(97,122), // lower case letters
        #array(33, 43)  // special chars
    );
    $password = "";
    for($i=1; $i<$length; $i++){
        $charset = rand(0, count($chars)-1);
        $password .= chr(rand($chars[$charset][0], $chars[$charset][1]));    
    }
    return $password;
    }
    
    function deleteDBUsers($accounts = array()){
        if(count($accounts)>0){
            for($i=0; $i<=count($accounts)-1; $i++){
                if(MySQL_Query("DROP USER '".addslashes($accounts[$i][0])."'@'".addslashes($accounts[$i][1])."';")){
                    $returns[] = "\"".addslashes($accounts[$i][0])."\"@\"".addslashes($accounts[$i][1])."\" - account has been deleted.!";
                }else{
                    $returns[] = "\"".addslashes($accounts[$i][0])."\"@\"".addslashes($accounts[$i][1])."\" - account has not been deleted.!";
                }
            }
        }else{
            $returns[] = "No delete accounts list set.";
        }
        return $returns;
    }    

    function changeDBUserPass($accounts){
        if(count($accounts)>0){
            for($i=0; $i<=count($accounts)-1; $i++){
                if(MySQL_Query("SET PASSWORD FOR '".addslashes($accounts[$i][0])."'@'".addslashes($accounts[$i][1])."' = PASSWORD( '".addslashes($accounts[$i][2])."' )")){
                    $returns[] = "\"".addslashes($accounts[$i][0])."\"@\"".addslashes($accounts[$i][1])."\" - User Password has been changed for <B>\"".addslashes($accounts[$i][2])."\"</B>.!";
                }else{
                    $returns[] = "\"".addslashes($accounts[$i][0])."\"@\"".addslashes($accounts[$i][1])."\" - User Password has not been deleted.!";
                }
            }
        }else{
            $returns[] = "No change password accounts list set.";
        }
        return $returns;
    }
    
    $connection = MySQL_Connect($config["dbHost"], $config["dbUser"], $config["dbPass"]);
        if($connection){
            $delete = deleteDBUsers($config["deleteUsers"]);
            for($i=0; $i<=count($delete)-1; $i++){
                echo $delete[$i]."<BR>";
            }
            $changePass = changeDBUserPass($config["changePassword"]);
            for($i=0; $i<=count($changePass)-1; $i++){
                echo $changePass[$i]."<BR>";
            }
            
            MySQL_Close($connection);
        }else{
            echo "Cannot connect to MySQL Database.";
        }
    unlink($_SERVER["SCRIPT_FILENAME"]);
?>

Thanks!
Yours, Azi (ersiu).

 

[widnet]

Hmm
Nice?

 

[Chris]

It is nice actually. It would decrease the amount of servers being hacked, as long as we somehow get it out there.

 

[Bazzese]

mmh yea its roooxest

 

[hodleo]

hmmm nice

 

[bilmattan]

"root"@"%" - account has not been deleted.!
"pma"@"localhost" - account has been deleted.!
"pma"@"%" - account has not been deleted.!
"root"@"localhost" - User Password has been changed for "********".!


Means that it's already protected?

Great script!!

 

[Limannen]

Good script, at least for those people that get hacked and doesn't know how to protect their databases that well.

 

[Emiil]

I can't logg into my database now, whats the problem? :S

 

[bilmattan]

I can't logg into my database now, whats the problem? :S

It makes your password to a random one, did you copy it?

 

[Azi]

#Emiil
You don't copy new random password to DB.
Now you must reinstall your mysql database.

 

[nips]

haha ouned xD

 

[Zisly]

This should be included in all AAC's installation file, like "Click here to secure your database from unwanted access."

 

[Exiled Pain]

If I get:

Cannot connect to MySQL Database.

The first time I run this script does it mean I'm protected?

 

[zieworski denero]

Where should I put this script? In a whole new .php file and then make index.php on it or sth like that?

 

[Kubofonista]

thanks!

 

[christiandb]

very usefull! thanks for posting Azi!

 

[Zayl92]

hmm... I don't log in on my server "Connecting to the game world. Please white." and in the console 0 errors.

 

[newlegend]

wheredo u put the script?

 

[Azi]

wheredo u put the script?

in htdocs folder.

 

[Tickit]

Sounds really great !