The usual way of gaining access to a database is by knowing or guessing the password to the database, or by SQL injection.
Passwords are easy enough to deal with; just use strong passwords. If possible, put the MySQL server behind a firewall, and/or use the skip-networking option in my.cnf.
On a shared server, other people can usually (with the right know-how) read your .php files and get database passwords that way. If you are concerned about security, it's better to get a dedicated (or virtual dedicated) server.
SQL injection is an application programming error, and a fairly common one. Google for "SQL injection" for more info. Using PHP's magic_quotes_gpc setting (which is on by default) will usually protect naive applications from SQL injection. If you want/need to run with magic_quotes_gpc off, or if the code does stripslashes() (or equivalent) to nullify magic quotes, you'll need to examine the code to find places where it is vulnerable.
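One way to start that code review, as an added example that is not part of the original text: a small Python heuristic that assumes magic_quotes_gpc is off, tracks variables assigned from request data or passed through stripslashes(), and reports lines where they end up inside an SQL string. The sample PHP, the function name audit and the list of sanitizing functions are assumptions made for illustration.

```python
import re

# Constructed sample PHP source for illustration (not from the original page).
SAMPLE_PHP = r'''<?php
$name = stripslashes($_POST['name']);
$res = mysql_query("SELECT * FROM users WHERE name = '$name'");
$id = intval($_GET['id']);
$res2 = mysql_query("SELECT * FROM posts WHERE id = $id");
$q = "SELECT * FROM t WHERE c = '" . $_GET['c'] . "'";
$safe = mysql_real_escape_string($_POST['email']);
$res3 = mysql_query("SELECT * FROM users WHERE email = '$safe'");
'''

SUPERGLOBAL = re.compile(r'\$_(?:GET|POST|COOKIE|REQUEST)\b')
UNQUOTE = re.compile(r'\bstripslashes\s*\(')
# Assumed list of functions treated as making a value safe for SQL.
SANITIZER = re.compile(r'\b(?:mysql_real_escape_string|mysqli_real_escape_string|intval)\s*\(')
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*(.+);\s*$')
SQL = re.compile(r'\b(?:SELECT|INSERT|UPDATE|DELETE)\b', re.I)
VAR = re.compile(r'\$(\w+)')

def audit(php_source):
    """Return (line number, line) pairs where request data reaches an SQL string.

    Line-by-line heuristic: it assumes magic_quotes_gpc is off, so every
    superglobal is untrusted, and it follows simple `$var = ...;` assignments.
    """
    tainted, findings = set(), []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        m = ASSIGN.match(line)
        rhs = m.group(2) if m else line
        uses_taint = bool(SUPERGLOBAL.search(rhs)) or any(
            v in tainted for v in VAR.findall(rhs))
        if SQL.search(rhs) and uses_taint:
            findings.append((lineno, line.strip()))
        if m:
            name = m.group(1)
            # stripslashes() undoes escaping, so it never counts as sanitizing.
            if SANITIZER.search(rhs) and not UNQUOTE.search(rhs):
                tainted.discard(name)
            elif uses_taint:
                tainted.add(name)
            else:
                tainted.discard(name)
    return findings

if __name__ == "__main__":
    for lineno, text in audit(SAMPLE_PHP):
        print(f"line {lineno}: {text}")
```

The output is a list of places to read by hand, not a verdict: a line-based scan misses data flow through functions, includes and arrays.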