MySql hacked

Discussion in 'Server Operation' started by perfectpol7, Feb 16, 2011.

  1. perfectpol7

    perfectpol7 New Member

    Hie! My Linux server which is running my company website have been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database (mySql). Access denial on really clients. Please assist, am running Linux Ubuntu 9 and I dont know where to start troubleshooting this. let me confession that I am still on the learning curve on Linux
  2. zcworld

    zcworld New Member

    make sure,you got backup of data

    step2 make sure there are no root user accounts without passwords

    make sure ROOT account got a nice long password

    make an account that you can use as-like root

    make sure that connects are localhost only

    this is some of the simple things

    just google locking down mysql
    to get more help

    at the time, i would take down the SQL server,
    or block port 3306 from being accessed from the internet
  3. Ben

    Ben ISPConfig Developer ISPConfig Developer

    At first you should imho discover the source of the issue. It won't help disabling the network side access to the db server in general, if the vulnerability belongs to a (web)application that does not verify the userinput / db data output. This should be located and fixed among other points.
    Depending on what kind of application it is, you should also consider verifying it for other vulnerabilites of that kind, e.g. see the OWAS Top 10 (

    When thinking about recovering the server, either you built it up from scratch, reinstall the (patched !) application (if it was vulnerable) and restore the DB content from a verified to be clean backup (if possible).
    Otherwise you should try to find the most recent but clean backup, restore from that. Except the first solution it depends on the damage (if you the whole), e.g. you might have some bad content in your db vs. having a kernel rootkit on your server.

    Regarding the password change, it is always helpful the change them on a regular basis.

Share This Page