Jump to content

My website is being attacked MYsql getting all sorts of rubbish


Topshed

Recommended Posts

One of my tables "lner" in my steam db is being trashed by an evil person and I need some help and advice please

 

For instance I have a field called 1946# which should show a year and a month eg "1946#Jan" however in a table of 10500 record 7000 have be replace with 255 not all of them had an entry but I need to remove the 255.  I can normaly change field content with something like

 

UPDATE lner
SET 1946# = REPLACE(1946#, "255" , "")

 

However this fails although it works on other fields

 

The evil one has also changed my 255 byte notes (Blob) a with randon 5 digit numbers or just  0

I have no idea how to delete an 0 without wrecking other valid numbers that i  do not want changed.

can I isolate the 0 so it is the only one effected ?

Apart from changing my password again (it has happend before) how else can I protect my data

 

any assistance would be most welcome

 

Regards  Topshed

 

 

 

 

Link to comment
Share on other sites

First off: Forget about your REPLACE queries. Right now, you have much more important issues, namely an attack (or at least a huge problem with your software).

 

You haven't really provided any relevant information, so it's hard to give concrete advice. But you should definitely take this seriously.

  • Shut down the webserver or at least this specific site.
  • If you use insecure protocols like FTP, stop it. Use SSH/SCP/SFTP with public-key authentication. Also download a password manager like KeePass to generate purely random passwords for admin accounts etc.
  • Did you write the code yourself, or is this standard software? If it's a common application, check for updates and carefully read the changelogs as well as all current security advisories. If it's your own code, you need to learn the basics of security and then review every single script.
  • Check your logfiles, especially the PHP error log and the database query log. This may give you important information about what has happened.
  • Fix the problems and restore your data from a clean backup (you do have backups, right?). Also make sure there are no backdoors left anywhere on the server.
  • Check the overall security of your server. Are file permissions kept to a minimum? Does the database role of the application only have the required privileges?

That's a lot, but don't underestimate the problem. Right now, it may look like a harmless script kiddie playing around with your data (or even just a bug), but we don't know that.

Link to comment
Share on other sites

  • 1 month later...

I have to agree with the other replies.

You have far more serious issues on that site and a "quick fix" is a little pointless without addressing the root cause.

Check your logs and check all the forms that process user data to make sure all the data is sanitised and validated properly (server side).

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.