Database logs

fernyburn

Hi,
I hope someone could answer my question, if you can please write it simply, as Im a total novice 🙂

I am running a site and I have been having a few problems with one database table, in that Im sure that someone has been messing with it, I think I know who is getting in, and deleating the information, deleating rows ect, but unfortunatly I know of no way to track them, and confirm my suspicions

I use cpanel, and obviously my raw access logs only show hits to the site, not access to the database.

I have spoken to my webhost who assures me, that there is absolutly nothing he can do about it, and advised me to change my passwords, but as this person is probably getting in through a php script, changing the password is pointless because they can still get in.

I have been told by a programmer that I can get mysql access logs from my webhost, but my webhost hasnt even heard of them.

Please could someone try to answer these questions

1) Is there any way that I can see who has had access to mysql
2) is there such a thing as mysql access logs
3) if the answer is yes, where, and how do I install them

As I said before the intruder isn't getting in through cpanel,
If anyone has any help or advice they can give me, I will be very grateful.
Thanks

stolzyboy

not too sure about the access logs, but are you sure he isn't breaking in thru telnet then accessing mysql, regardless how, i would change all passwords you can

robinjohn

(s)he may be deleting your info by escaping any sql statements that are being sent to the DB and following the escape with a delete query. Make sure that any form info is checked extensively before you execute it as part if any SQL statement. I suppose another thing you could do is to make sure that you don't have have obvious sounding table names that an attacker could guess at.

-don't know if it helps but I just thought I'd throw in my 2 cents
Rob.

fernyburn

I dont know, I guess he could be getting in through telnet, but again, is there any way I would know who and when ?

if a database was hacked, how do people find out who did it ?

jweissig

hi,

what database are you using? I know of a couple ways to track what SQL statments are run on the server.. i need to know what server though?

justin

fernyburn

erm...

Im using Mysql Version 3.23.54
PHP Version 4.2.3
Apache Version 1.3.27 (Unix)
Operating System Linux
phpMyAdmin 2.3.2 through cpanel

does any of that give you the information that you need ??

jweissig

hi,

yes, if you are running MySQL you can enable logging of the SQL statments which are executed on the server by running the MySQL binary using the "--log" switch.

check out http://www.mysql.com/doc/en/Log_file_maintenance.html

basically you can run "./safe_mysqld --log" or "./safe_mysqld --log=/place/to/store/log.txt"

hope this helps.

Justin

fernyburn

Hi Justin,
Hey thanks fot that, At least I know now that there are log files, all I gotta do is figure out how to understand them.

As I said I am a complete novice at mysql. I can browse, export, and import data into a database, but not a great deal else

this command

basically you can run "./safe_mysqld --log" or "./safe_mysqld --log=/place/to/store/log.txt"

where exactly do I run it, as I said I use cpanel, and phpmyadmin !!