
make MySQL more secure

account hacked


smallcompany

2:51 am on Oct 21, 2011 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Today I went through finding out that my WP blog was hacked and some low IQ text put in.

It turned out that it was the INDEX page that was changed, as well as the user_name in the MySQL database. I fixed it by logging into MySQL via phpMyAdmin from CP, and by running a brand new installation of WP.

I believe that the hack was done via MySQL, probably automated. I just believe this.

And I wonder if there are any extra settings that I can put in to make those so called MySQL injections, phpMyAdmin hacks, and similar at least one step away when compared to where it is now.

Thanks

Frank_Rizzo

11:21 am on Oct 21, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



1. Don't use shared hosting. Use a dedicated server.
2. Make sure WP is always up to date.
3. Install WP plugins such as

Website Defender
Exploit Scanner
Login LockDown
Secure Wordpress
TAC (Theme Authenticity Checker)
User Locker

4. Follow twitter accounts and blogs such as [blog.sucuri.net...]
5. Make sure your PC is fully protected and regularly updated.

lorax

11:48 am on Oct 21, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Shared Hosts vary in their level of security. Some are definitely better than others. I assume your install of WP was up to date and that you had secure salts?

Straight from the creator: Hardening WordPress [codex.wordpress.org...]

rocknbil

4:40 pm on Oct 21, 2011 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I wouldn't chalk it up to MySQL, I'd chalk it up to WordPress. A good indicator would be, if you'd tried it, to just re-upload your local WordPress files - that **usually** fixes it, especially if you don't find anything injected in the database.

The ones I've seen always involve the main page and always involve modification of files, not database content (doesn't mean other forms don't exist, but that's what I've seen.)

SteveWh

12:34 am on Oct 22, 2011 (gmt 0)

5+ Year Member



In addition to all of the above,

1. Also ensure all WP plug-ins are up to date.

2. Ensure your passwords for FTP/control panel, WP admin, MySQL are all different from each other and are all strong ones like ?:YC'^>s9m)E or DL2tF4bVsI7qW3.

3. If your control panel provides the option, check to ensure that MySQL connections are not allowed from outside the server (that is, no external connectivity).

4. If you use the TimThumb WP plug-in, do a web search on the vulnerability that was recently found in it, and install the updated version.

5. If your server uses suPHP (if it does, a file created by PHP will be shown as owned by your userID), you can protect the file containing your database info (wp-config.php) from being read by any other user on the same server, by setting its permissions to 0600. If you don't use suPHP (in this case, files created by PHP are shown as owned by "nobody" or "wwwdata" or anyone other than your userID), then you cannot use this method; don't change the permissions.

6. If your server provides SSH access but you don't use it, turn it off in control panel or WHM if there's a place provided for you to do that.
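A shell helper for step 5 above, added here as an example and not code from the thread: it tightens wp-config.php to 0600 only when the file is owned by the invoking user (the suPHP case) and leaves it alone otherwise. It assumes GNU stat(1) and uses a constructed throwaway wp-config.php for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: apply SteveWh's step 5 safely.
# chmod 0600 is only applied when wp-config.php is owned by the invoking
# user (suPHP). When PHP runs as nobody/www-data, 0600 would lock the web
# server out of the file, so in that case nothing is changed.
# Assumes GNU stat(1) (the -c format option).

# Classify a wp-config.php: "skip" (not ours, leave permissions alone),
# "ok" (ours and already 0600) or "fixable" (ours but readable by others).
wpconfig_status() {
    file="$1"
    [ -f "$file" ] || return 2
    owner_uid=$(stat -c '%u' "$file")
    mode=$(stat -c '%a' "$file")
    if [ "$owner_uid" != "$(id -u)" ]; then
        echo skip
    elif [ "$mode" = "600" ]; then
        echo ok
    else
        echo fixable
    fi
}

# Apply chmod 0600 only in the "fixable" case; report what was done.
harden_wpconfig() {
    status=$(wpconfig_status "$1") || return 2
    if [ "$status" = "fixable" ]; then
        chmod 0600 "$1" && echo hardened
    else
        echo "$status"
    fi
}

# Constructed demo: a throwaway wp-config.php that we own, deliberately left
# world-readable (0644) to stand in for a fresh upload on a suPHP host.
demo() {
    tmp=$(mktemp -d) || return 2
    printf "<?php define('DB_PASSWORD', 'constructed-example');\n" > "$tmp/wp-config.php"
    chmod 0644 "$tmp/wp-config.php"
    before=$(wpconfig_status "$tmp/wp-config.php")
    action=$(harden_wpconfig "$tmp/wp-config.php")
    after=$(wpconfig_status "$tmp/wp-config.php")
    rm -rf "$tmp"
    echo "$before/$action/$after"
}
```

Run `demo` to see the three states on a throwaway file; point `harden_wpconfig` at a real install only after confirming the owner check behaves as expected on your host.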

lorax

8:49 pm on Oct 22, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



@rocknbil

But the hackers could have come in from another website - it's not clear how they got in. WordPress (and any CMS) is vulnerable if it is not tightened down and kept up to date. Heck, the same is true for Apache and MySQL updates. :)

SteveWh

12:07 am on Oct 23, 2011 (gmt 0)

5+ Year Member



"as well as the user_name in My SQL database"

They changed the name of your MySQL user? That seems very strange.

Make sure that the user/password combination that you use for your WordPress MySQL database is not the same as your cpanel userID/password combination.