SQL issue I don't understand

Forum Moderators: open

Message Too Old, No Replies

SQL issue I don't understand

txbakers

7:11 pm on Jan 11, 2009 (gmt 0)

I have a query that join two tables and I've set the indexes in the DB (mySQL). the query seems to run fine.

I've gotten in the habit of running a "describe" before the select to make sure it's using the proper index, keys, etc. and that has helped.

I've also been monitoring the threads in the mySQL Administrator to see what might be bogging down the database.

I've noticed that there are several threads popping up as: "select * from contacts". I've checked and rechecked the code for the app and no where do I use 'select * from contacts' so the db engine must be asking for that somehow/somewhere.

is there was I can find out why that query is being run and put a stop to it?

Thanks.

LifeinAsia

4:31 pm on Jan 12, 2009 (gmt 0)

It could be that someone has hacked into your DB. I would suggest changing your passwords ASAP and see if that stops it. If not, you'll have to do some more investigation as to where the queries are coming from (sorry- I don't know enough about MySQL to offer advice on the specifics).

txbakers

4:44 pm on Jan 12, 2009 (gmt 0)

Thanks, I don't think that's the problem as there would have been much more damage. It's same two select * from showing up. I suspect it's an index/key issue but I'm still hunting for it.

Demaestro

5:12 pm on Jan 12, 2009 (gmt 0)

Do you have any triggers set on any of the tables?

[edited by: Demaestro at 5:13 pm (utc) on Jan. 12, 2009]

txbakers

5:29 pm on Jan 12, 2009 (gmt 0)

no triggers

Demaestro

6:52 pm on Jan 12, 2009 (gmt 0)

hmm weird... I would also wager that it is some internal DB function that gets run. Maybe it is the index re-querying stuff.

The only other thing I can think of is if you had a cron outside the code base checking for something. I know I sometimes forget to check crons when I go over the codebase looking for something, that and functions/stored procedures I seem to over look a lot.

Is there anything in the user manual that explains the DB internal routines used for indexing?

[edited by: Demaestro at 6:53 pm (utc) on Jan. 12, 2009]

rocknbil

4:26 pm on Jan 13, 2009 (gmt 0)

as there would have been much more damage

Not necessarily, if they are hacking it to collect email they'd want to keep that game running as long as possible without being discovered.

LifeinAsia

4:30 pm on Jan 13, 2009 (gmt 0)

as there would have been much more damage

Not necessarily, if they are hacking it to collect email they'd want to keep that game running as long as possible without being discovered.

It could also be that the only purpose of the original hack was to expose saved e-mail addresses (as rocknbill suggested), and the hack is continuing to be exploited by many people besides the original hacker.

Also, just because they haven't done more damage yet is no guarantee that the hacker(s) won't do further damage later once they get bored with their other hacked sites.