
Linux SQL Database hacked

godek

Hi!
I have a problem. Someone hacked my database. My server is hosted on a dedicated server with Linux. The hacker can even edit whatever he wants. How can I secure my database? Is it possible now?
 
Yea, I also tried changing passwords for all users and dropping the pma user. I had a problem here because I didn't have a pma user; a few minutes ago I deleted the user named "phpmyadmin" and I'm waiting for effects now. I'm afraid that won't work :/
 
I thought it may be a gesior acc problem, I have to try with modern acc then. But if I now change my acc, will the hacker lose access to my DB?
 
I can think of 2 ways of doing it

1: all the OT databases are the same, so you can rename everything and every file, and reset your phpMyAdmin users in your cPanel

2: just reset everything and do not allow anyone to access the databases, except the panel admin. In most of the sites some people create a user just to access the database; if anyone has that user allowed, well, you're gonna be hacked over and over again

so I believe you should export your databases if there's nothing wrong with them, and then take down your website, erase everything in your host, and re-upload and import


you didn't give us any details, like:
the hacker threatens me to give him items or some shit like that (newbs)

the hacker is hacking a dedicated server hosted in the U.S. (if so, tell your host to pursue him for hacking their servers and U.S. laws will apply, if he is in the U.S.)

the hacker just makes random shit (now that's weird, that's probably you, making mistakes, or someone that is making SQL injections on your website, something like
in rows[][] bla bla items or pacc or something, through a .php file that he uploaded to your server, or edited on root, which I really doubt)

test all your website files, and refresh your database, to see if there's any bug around. If you open a window and suddenly SQL makes an entry, do it 3 times; if it happens again it's most likely a wrong insert into



with that being said, we don't know anything, and I advise you not to post any data that might put your server in jeopardy again.
 
Wesker, I don't have any data to save. I can even reinstall the whole phpmyadmin. But now I'm not on the right computer so I will try tomorrow.

EDIT
Oh... And I didn't give access to pma to anybody. Even an access on acc maker site..
 
set it up so only local host can connect to the db?

mmm the dedicated host they are on localhost, but you will never access it that way, they don't give the root, however I'm thinking what could it be, and to be honest idk

again whats wrong on the website or databases, what is the hacker doing ?
 
1. Change your root password.
2. Change your PMA password.
3. Check this thread.
4. Go to your phpmyadmin folder in ./www - Change the folder name from phpmyadmin to ANYTHING else. Just be sure to use the new directory of the new folder name.
5. Inside your phpmyadmin folder, find index.php and replace (swap the IPs in the array for the IPs you wish to allow to connect to phpmyadmin):

This:
Code:
<?php

with this:
Code:
<?php
// Stop here unless the client address is one of the allowed IPs (replace them with your own).
if (!in_array($_SERVER['REMOTE_ADDR'], array("123.456.789.0", "127.0.0.1"), true)) {
	die;
}

6. Change all GM passwords, and wipe database if necessary.
7. Use SHA-1 passwords in the future.
8. Use crontab to keep daily database backups. My thread here.

Good luck!
Red
 
Red I think the 5. point from your post seems to be the best way.

I have SHA-1 passwords. The hacker just created a character and gave it a group id. He can shut down the server that way. Also in the database he can add news, delete all characters. He has full access to phpmyadmin.

Now I'm going to try your ways. I will edit or post any news.
Thanks
EDIT
Godek here

EDIT2
I used the point 5. way. Points: 1,2,4,6,7 I had already done.

It will be uncomfortable because I have various IPs and I have to change the IP in index every time. I hope it will be enough.
 

Well, you can use arrays. I also believe you could write "123.456.789" for your IP and it will wildcard and include any combination of the last 3 numbers. I THINK.
But I'm glad some of my ideas are helpful. The crontab is also easy to do, especially with a tutorial. That will ensure any damage done can be reversed.

Red
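
The check in step 5 uses in_array(), which compares complete strings, so a shortened address such as "123.456.789" never equals REMOTE_ADDR. For a client whose address changes inside a known range, a CIDR-aware allowlist is one option; the block below is an added example, not code from the thread, and the function names ip_in_cidr and ip_allowed and the sample addresses are assumptions.

```php
<?php
// Added example: allowlist check with exact addresses and CIDR ranges (IPv4/IPv6).
// Function names and sample addresses are assumptions, not taken from the thread.

function ip_in_cidr(string $ip, string $entry): bool
{
    $parts  = explode('/', $entry, 2);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($parts[0]);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // malformed input or mixed address families: deny
    }
    $maxBits = strlen($netBin) * 8;
    $bits = $maxBits; // no "/nn" suffix means an exact match is required
    if (isset($parts[1])) {
        if (!ctype_digit($parts[1]) || (int)$parts[1] > $maxBits) {
            return false; // malformed prefix length: deny
        }
        $bits = (int)$parts[1];
    }
    $fullBytes = intdiv($bits, 8);
    $remBits   = $bits % 8;
    if (strncmp($ipBin, $netBin, $fullBytes) !== 0) {
        return false; // a whole byte inside the prefix differs
    }
    if ($remBits === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $remBits)) & 0xFF; // leading bits of the partial byte
    return (ord($ipBin[$fullBytes]) & $mask) === (ord($netBin[$fullBytes]) & $mask);
}

function ip_allowed(string $remote, array $allowlist): bool
{
    foreach ($allowlist as $entry) {
        if (ip_in_cidr($remote, $entry)) {
            return true;
        }
    }
    return false;
}

$allowlist = ['127.0.0.1', '203.0.113.0/24']; // constructed sample entries

// in_array() compares whole strings, so a truncated prefix is not a wildcard.
var_dump(in_array('203.0.113.57', ['203.0.113'], true));
var_dump(ip_allowed('203.0.113.57', $allowlist));
var_dump(ip_allowed('198.51.100.9', $allowlist));
```

In index.php the guard becomes `if (!ip_allowed($_SERVER['REMOTE_ADDR'], $allowlist)) { die; }`. If the site sits behind a reverse proxy, REMOTE_ADDR is the proxy's address, so the check has to run where the real client address is visible.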
 
Now it is calm xD But one player had a nick with illegal characters, and when my brother was playing I gave him some premium points, and this player with the strange nick said to him that he will be banned for those points and that he sees them on phpmyadmin (he also said how many points my brother had).

It means he is the hacker.

I found some strange tables in the database. The first of them were named "test" and "mysql"; I thought that the server added them, for example to test the connection to the database. But yesterday I found more of them and their names were "tesst" and "tessst". I thought about one: These are hacker's... (I don't know what :P).

Could they be used to hack database?
 