My website is being attacked MYsql getting all sorts of rubbish

[Topshed]

One of my tables "lner" in my steam db is being trashed by an evil person and I need some help and advice please

 

For instance I have a field called 1946# which should show a year and a month eg "1946#Jan" however in a table of 10500 record 7000 have be replace with 255 not all of them had an entry but I need to remove the 255.  I can normaly change field content with something like

 

UPDATE lner
SET 1946# = REPLACE(1946#, "255" , "")

 

However this fails although it works on other fields

 

The evil one has also changed my 255 byte notes (Blob) a with randon 5 digit numbers or just  0

I have no idea how to delete an 0 without wrecking other valid numbers that i  do not want changed.

can I isolate the 0 so it is the only one effected ?

Apart from changing my password again (it has happend before) how else can I protect my data

 

any assistance would be most welcome

 

Regards  Topshed

 

 

 

 

[Jacques1]

First off: Forget about your REPLACE queries. Right now, you have much more important issues, namely an attack (or at least a huge problem with your software).

 

You haven't really provided any relevant information, so it's hard to give concrete advice. But you should definitely take this seriously.

• Shut down the webserver or at least this specific site.
• If you use insecure protocols like FTP, stop it. Use SSH/SCP/SFTP with public-key authentication. Also download a password manager like KeePass to generate purely random passwords for admin accounts etc.
• Did you write the code yourself, or is this standard software? If it's a common application, check for updates and carefully read the changelogs as well as all current security advisories. If it's your own code, you need to learn the basics of security and then review every single script.
• Check your logfiles, especially the PHP error log and the database query log. This may give you important information about what has happened.
• Fix the problems and restore your data from a clean backup (you do have backups, right?). Also make sure there are no backdoors left anywhere on the server.
• Check the overall security of your server. Are file permissions kept to a minimum? Does the database role of the application only have the required privileges?

That's a lot, but don't underestimate the problem. Right now, it may look like a harmless script kiddie playing around with your data (or even just a bug), but we don't know that.

[benanamen]

Without seeing your code it is difficult to say how things are happening. My first thought is that you have outdated insecure code. Let us see what your working with.

[JohnHaywood]

I have to agree with the other replies.

You have far more serious issues on that site and a "quick fix" is a little pointless without addressing the root cause.

Check your logs and check all the forms that process user data to make sure all the data is sanitised and validated properly (server side).