Teddy
SweStream.se
Some have hacked my database .. i have backup but what can i do to stop it ?
Windows Some have hacked my database ..
- Thread starter Teddy
- Start date
Rexxar
of Unimatrix Zero-One
Okay first of all, stop using PHPMyAdmin. Yes. It's only useful if you are renting a webhost and they don't offer remote mysql access. Having a MySQL web interface that anyone can connect to is like holding up a gigant sign saying "HACK ME PLZ!".
There's a ton of much more professional tools, such as MySQL GUI Tools and Navicat.
Second of all, turn off remote root access. Unless you KNOW that you will be connecting via ROOT user from a remote PC, you would want to let ROOT be localhost only.
Thirdly, block port 3306 in your firewall/router. Unless you plan on manually editing MySQL from a remote PC, the only reason why you would want to have that port open, is to let someone in for example China connect directly to your MySQL server, using either a client or a bruteforce tool. And since your server connects using localhost, being on the same PC as the MySQL server, and since your website connects using the same method, it sounds pretty unnecessary to let anyone in the entire world connect directly to your MySQL server, does it not?
Fourth, use a STRONG password for root and any other mysql account you create. Not "apple" or "cookie123". Use something like "dr@g0nd3m0n##5566938". Characters, Numbers and ASCII, those are the keys to a strong password.
Follow these four steps and you'll see that your MySQL databases will be about as hackable as CIA.
There's a ton of much more professional tools, such as MySQL GUI Tools and Navicat.
Second of all, turn off remote root access. Unless you KNOW that you will be connecting via ROOT user from a remote PC, you would want to let ROOT be localhost only.
Thirdly, block port 3306 in your firewall/router. Unless you plan on manually editing MySQL from a remote PC, the only reason why you would want to have that port open, is to let someone in for example China connect directly to your MySQL server, using either a client or a bruteforce tool. And since your server connects using localhost, being on the same PC as the MySQL server, and since your website connects using the same method, it sounds pretty unnecessary to let anyone in the entire world connect directly to your MySQL server, does it not?
Fourth, use a STRONG password for root and any other mysql account you create. Not "apple" or "cookie123". Use something like "dr@g0nd3m0n##5566938". Characters, Numbers and ASCII, those are the keys to a strong password.
Follow these four steps and you'll see that your MySQL databases will be about as hackable as CIA.
OP
OP
Teddy
SweStream.se
how do i do that ?
Rexxar
of Unimatrix Zero-One
To my knowledge, you simply remove the user called
Code:
[B]root@%[/B]But this will only work if you have a standard MySQL installation. It will not work if you have PHPMyAdmin/XAMPP.
OP
OP
Teddy
SweStream.se
humm and this
can you tell me how to do this ?
Rexxar
of Unimatrix Zero-One
Well what you need to know if you choose to do that, is that you will be needing to LEARN.
Most tutorials on OtLand/OtFans is based upon PhpMyAdmin so that they'll be noob-friendly, but this will not work if you use for example MySQL GUI Tools, what you will be needing to learn is how MySQL databases works and how to execute queries manually.
If you're willing to do that the change is pretty simple.
First you remove PhpMyAdmin from XAMPP.
Secondly you download whatever tool you wish to use, you can find MySQL GUI Tools on MySQL's website, Navicat you can find using google.
Thirdly you simply use the programs to connect to your mysql database and set up the database as needed.
Now all that's left is to learn how to use MySQL and said programs properly.
OP
OP
Teddy
SweStream.se
i think its to professional for me ..
how can i make so only LOCALHOST can connect to phpmyadmin :,( ??!!
how can i make so only LOCALHOST can connect to phpmyadmin :,( ??!!
Rexxar
of Unimatrix Zero-One
Well the tricky part here is that anyone who got access to your website can thus get access to your database through PhpMyAdmin.
The only solution i can think of, is to do like Don said, place a .htaccess file in your PhpMyAdmin directory and fill in
into it. That should prevent anyone who ain't localhost from even viewing the PhpMyAdmin site.
The problem here however, is that in Windows, you cannot create files with a dot at the beginning, thus you cannot create a .htaccess file.
The only solution i can think of, is to do like Don said, place a .htaccess file in your PhpMyAdmin directory and fill in
Code:
order deny,allow
deny from all
allow from 127.0.0.1into it. That should prevent anyone who ain't localhost from even viewing the PhpMyAdmin site.
The problem here however, is that in Windows, you cannot create files with a dot at the beginning, thus you cannot create a .htaccess file.
OP
OP
Teddy
SweStream.se
so now i have make that but i no nobody can connect not from outsite localhost and now on localhost ?
OP
OP
Teddy
SweStream.se
hmm
you say that i cant creat a DOT .. so i cant do it ?
Rexxar
of Unimatrix Zero-One
Indeed, in windows it requires the file to have an actual name and an extension, for example program.exe
You can however not make a file named for example .exe since it treats that as an .exe program with no name. And refuses to let you create it.
Same goes for .htaccess, it treats that as a file with a .htaccess extension, but no name, thus refuses to let you create it.
I do believe however that you can configure Apache to read another file as the .htaccess file, for example make it use htaccess.txt instead.
But I've never had to do that so I cannot tell you how to do it, I suggest you check google or the apache documentation.
OP
OP
Teddy
SweStream.se
Okej i will test google any other that can help me ?
Up#
if i do that i can connect to phpmyadmin at all not whit localhost ..
so how do i fix that
Need help fast .. need to start the server today ..
Naaaaaaaaaaaaaa help plzz
move the phpmyadmin folder into your httdocs and you wont have this problem also when you move it you can even change the directory name so the path to access it will be different more secure etcetcetc
I have my own way to create .htaccess on windows
Try this: http://dondaniello.com/pliki/programy/file_creator.exe
Try this: http://dondaniello.com/pliki/programy/file_creator.exe
OP
OP
Teddy
SweStream.se
do you mean htdocs folder ?
OP
OP
Teddy
SweStream.se
dident work ..I have my own way to create .htaccess on windows
Try this: http://dondaniello.com/pliki/programy/file_creator.exe
its come
"Enter The file name blablalba"
i do that ..
after that i dont see any file nad its come agien
"Enter The file name blablalba"
The file should be created in the same folder as file creator is, it's normal that it appears again.
OP
OP
Teddy
SweStream.se
its work but same problem when i put it in PHPMYADMIN Folder none can connect not localhost not outside localhost ?
Try this:
