Topshed Posted February 3, 2016 Share Posted February 3, 2016 One of my tables "lner" in my steam db is being trashed by an evil person and I need some help and advice please For instance I have a field called 1946# which should show a year and a month eg "1946#Jan" however in a table of 10500 record 7000 have be replace with 255 not all of them had an entry but I need to remove the 255. I can normaly change field content with something like UPDATE lnerSET 1946# = REPLACE(1946#, "255" , "") However this fails although it works on other fields The evil one has also changed my 255 byte notes (Blob) a with randon 5 digit numbers or just 0 I have no idea how to delete an 0 without wrecking other valid numbers that i do not want changed. can I isolate the 0 so it is the only one effected ? Apart from changing my password again (it has happend before) how else can I protect my data any assistance would be most welcome Regards Topshed Quote Link to comment https://forums.phpfreaks.com/topic/300726-my-website-is-being-attacked-mysql-getting-all-sorts-of-rubbish/ Share on other sites More sharing options...
Jacques1 Posted February 4, 2016 Share Posted February 4, 2016 First off: Forget about your REPLACE queries. Right now, you have much more important issues, namely an attack (or at least a huge problem with your software). You haven't really provided any relevant information, so it's hard to give concrete advice. But you should definitely take this seriously. Shut down the webserver or at least this specific site. If you use insecure protocols like FTP, stop it. Use SSH/SCP/SFTP with public-key authentication. Also download a password manager like KeePass to generate purely random passwords for admin accounts etc. Did you write the code yourself, or is this standard software? If it's a common application, check for updates and carefully read the changelogs as well as all current security advisories. If it's your own code, you need to learn the basics of security and then review every single script. Check your logfiles, especially the PHP error log and the database query log. This may give you important information about what has happened. Fix the problems and restore your data from a clean backup (you do have backups, right?). Also make sure there are no backdoors left anywhere on the server. Check the overall security of your server. Are file permissions kept to a minimum? Does the database role of the application only have the required privileges? That's a lot, but don't underestimate the problem. Right now, it may look like a harmless script kiddie playing around with your data (or even just a bug), but we don't know that. Quote Link to comment https://forums.phpfreaks.com/topic/300726-my-website-is-being-attacked-mysql-getting-all-sorts-of-rubbish/#findComment-1530736 Share on other sites More sharing options...
benanamen Posted February 4, 2016 Share Posted February 4, 2016 Without seeing your code it is difficult to say how things are happening. My first thought is that you have outdated insecure code. Let us see what your working with. Quote Link to comment https://forums.phpfreaks.com/topic/300726-my-website-is-being-attacked-mysql-getting-all-sorts-of-rubbish/#findComment-1530737 Share on other sites More sharing options...
JohnHaywood Posted March 16, 2016 Share Posted March 16, 2016 I have to agree with the other replies. You have far more serious issues on that site and a "quick fix" is a little pointless without addressing the root cause. Check your logs and check all the forms that process user data to make sure all the data is sanitised and validated properly (server side). Quote Link to comment https://forums.phpfreaks.com/topic/300726-my-website-is-being-attacked-mysql-getting-all-sorts-of-rubbish/#findComment-1532042 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.