Jezza22 Posted August 23, 2009 Share Posted August 23, 2009 Hi, I believe that I have been hacked because MYSQL administrator Replication Status is showing a entry and I am seeing query's appearing in the Server Logs that I have not sent. I know that I am only to blame here because I have ploughed straight into writing my web application without taking any real notice of any security procedures. I running MYSQL 5.0.67 on windows platform and would like any advice on how to stop the replication and it might have happened. please help, This is some of the entries in the log that I have not sent 1 Query DELETE FROM mysql.db WHERE Select_priv='N' AND Insert_priv='N' AND Update_priv='N' AND Delete_priv='N' AND Create_priv='N' AND Drop_priv='N' AND Grant_priv='N' AND References_priv='N' AND Index_priv='N' AND Alter_priv='N' AND Create_tmp_table_priv='N' AND Lock_tables_priv='N' AND Create_view_priv='N' AND Show_view_priv='N' AND Create_routine_priv='N' AND Alter_routine_priv='N' AND Execute_priv='N' 1 Query FLUSH PRIVILEGES 1 Query SELECT Full_name, Description, Email, Contact_information, Icon FROM mysql.user_info WHERE cast(cast(User AS BINARY) AS CHAR CHARACTER SET utf8)=cast(cast('root' AS BINARY) AS CHAR CHARACTER SET utf8) 1 Query select cast(cast(host AS BINARY) AS CHAR CHARACTER SET utf8) as h, cast(cast(NULL AS BINARY) AS CHAR CHARACTER SET utf8) as o, _utf8'Select_priv' as pn, cast(cast(Select_priv AS BINARY) AS CHAR CHARACTER SET utf8) as pv from mysql.user WHERE cast(cast(User AS BINARY) AS CHAR CHARACTER SET utf8)=cast(cast('root' AS BINARY) AS CHAR CHARACTER SET utf8) 1 Query select cast(cast(host AS BINARY) AS CHAR CHARACTER SET utf8) as h, cast(cast(NULL AS BINARY) AS CHAR CHARACTER SET utf8) as o, _utf8'Insert_priv' as pn, cast(cast(Insert_priv AS BINARY) AS CHAR CHARACTER SET utf8) as pv from mysql.user WHERE cast(cast(User AS BINARY) AS CHAR CHARACTER SET utf8)=cast(cast('root' AS BINARY) AS CHAR CHARACTER SET utf8) Quote Link to comment https://forums.phpfreaks.com/topic/171505-mysql-repliciation-security/ Share on other sites More sharing options...
Jezza22 Posted August 24, 2009 Author Share Posted August 24, 2009 Bump on this please.... However, if my questions can not be answered, is it normal for the replication status, in Mysql Administrator, to be showing an entry with a status of Available?? because "my.ini" has no reference to Server-id and no options are selected on the Replication tab in Mysql Admin..?? which I would take to mean that Replication should not be on?? I am fairly new, so please go easy with me.. Thanks in advance, Jez Quote Link to comment https://forums.phpfreaks.com/topic/171505-mysql-repliciation-security/#findComment-905258 Share on other sites More sharing options...
fenway Posted August 28, 2009 Share Posted August 28, 2009 Do any users have the replication privilege? Quote Link to comment https://forums.phpfreaks.com/topic/171505-mysql-repliciation-security/#findComment-908341 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.