mairving — Sat, 30 Apr 2005 22:15:24 +0000

Difficult to get help when people try to help you by asking questions and you don't answer.

Check your mysql database and see what is there. If there are any entries in there that use anything in the host field besides localhost, I would remove them or change the password. I would also change the root password as well. Might look at this as well.

andy206uk — Sat, 30 Apr 2005 17:14:42 +0000

Just because something is the latest version, doesn't mean that it's secure. It might be worth portscanning your server and seeing if you have any excess ports open and if you do get them locked down.

I'm not an expert on server security but I know for a fact locking down your server is the first step to security. Also, change all your passwords reguarlly to slow down their future atempts

hey

_sam_ — Sat, 30 Apr 2005 04:38:29 +0000

i have cpanel , and everything TO LATEST VERSION ,even the cpanel ...
I knew how he's hacking me , i have shell disbaled on all accounts , but still he's using mysql shell ! how can i stop that ?

Greg K — Thu, 28 Apr 2005 18:17:31 +0000

Wait a minute, is the same server that you have listed as "My server is secured !" (see http://www.webmaster-forums.net/showthread.php?t=29023 )

Also mentioned in another post, not sure if it is the same server "my site is phpnuke platinum !" (see http://www.webmaster-forums.net/showthread.php?t=29022 ) This information may help others help you find the problem.

If they are the same server, then I feel that you need to edit or delete your post advertising your server is secured until you can fix it.

-Greg

PS. Assisin, I use PHP, so send me the info on the fix to this hack that anyone can use to delete all my databases.

mairving — Thu, 28 Apr 2005 17:55:50 +0000

Really would need more info to give a good guess.

Is it a shared server? You are buying hosting from someone else. Then you should check with your host and let them look in their logfiles.

Is it a dedicated server? Is everything fully patched?

What OS are you running?

Are you using a CMS or other PHP/Perl script? Is it the latest version?

Assassin wrote: If you have PHP enabled, there is a simple hack that can mess up all of your databases. I don't know the fix off the top of my head, but I'll get it to you if this is a possible problem. Let me know if it's possible.

There is no hack that has anything to do with the current versions of PHP. There are certainly cross-scripting and sql injection vulnerabilities in scripts but these are readily identifiable and fixable.

Assassin — Wed, 27 Apr 2005 22:53:59 +0000

If you have PHP enabled, there is a simple hack that can mess up all of your databases. I don't know the fix off the top of my head, but I'll get it to you if this is a possible problem. Let me know if it's possible.

Busy — Wed, 27 Apr 2005 10:27:06 +0000

are you running phpbb, pukenuke or any of the other programs via cpanel?
if so are they updated to latest secure versions?
do your logs show anything?
do you run a cronjob?
Is it your own server or a hosts server? are there any .exe's or files in the root directory that shouldn;t be there (a worm or virus, trojan etc)