I need some linux/SQL security help

This topic is empty.

Viewing 15 posts - 1 through 15 (of 25 total)

1 2 →

Author

Posts
December 11, 2007 at 4:00 pm #606381

Anonymous
Inactive

Well im still getting a table dropped and created every night (containing my aff urls) and of course they are being altered.. I have been digging looking for direct SQL logging and of course reviewing the file system with no results. Anyone want to help me out that would be cool

ty

December 11, 2007 at 5:01 pm #756212

prettie
Member

Didn’t hear nothing about sql logger. Are you hosting your sites on shared hosting or on your own server?

December 11, 2007 at 5:13 pm #756215

Anonymous
Inactive

Its on a dedicated server, so its my own pretty much. I dont have a binary log of SQL looking into that as we speak

just got done backing up the entire site/sql

December 11, 2007 at 5:32 pm #756219

prettie
Member

I suppose that you are running mysql as database server. There is option to log all queries and connected usere, but you need to restart mysql server with some new command line options. But I don’t think that that will solve your problem.

What would I do in your place?
First I would change all passwords including root password. If this happening every day at same time than it must be scheduled somehow. I would look at cronjobs. Then my own scripts, proccesses. I would also do a grep search on hole system with some keywords like table name that are dropped.

December 11, 2007 at 5:56 pm #756222

Anonymous
Inactive

No unusual cron jobs, (the time is not exact each nite, nor can i really say it is every night)

no bad results on rootkit scan (new dl scan)

sql only listens on localhost

I am going to try and grep the text and see what i get

December 11, 2007 at 7:08 pm #756228

Anonymous
Inactive

This is probably obvious but you do put all your variables in the mysql_real_escape_string() before they go into the db?

December 11, 2007 at 7:50 pm #756230

Anonymous
Inactive

For the most part yes, id be more amazed if this is the cause.

I setup mysql binary logging so i should have the answer tomorrow

December 11, 2007 at 7:56 pm #756231

Anonymous
Inactive

Rewards affiliate id 69998 is an ass… lol this pisses me off

December 11, 2007 at 9:36 pm #756238

Anonymous
Inactive

allfreechips – is this guy hacking into your db?
If so ill get on it straight away.

December 12, 2007 at 1:41 am #756267

Anonymous
Inactive

@Renee 147799 wrote:

allfreechips – is this guy hacking into your db?
If so ill get on it straight away.

yeah he used that for my zodiak link

December 12, 2007 at 1:42 am #756268

Anonymous
Inactive

OK mate consider it fixed

December 12, 2007 at 1:48 am #756269

Anonymous
Inactive

Wow… this is crazy. :whoa:

Who is this rogue affiliate? Is he a member of CAP?

December 12, 2007 at 2:09 am #756271

Anonymous
Inactive

I don’t think the offender is an affiliate of CAP…

Cheers

December 12, 2007 at 4:24 am #756281

Anonymous
Inactive

Ty Renee! I hate hese people with the nerver to do such things, I should know his access point by tomorrow

and his IP

December 12, 2007 at 4:40 am #756283

Anonymous
Inactive

Excellent. Please PM me your info once you have it so I can record it on our end.
Cheers
Author

Posts

Viewing 15 posts - 1 through 15 (of 25 total)

1 2 →

Get exclusive CAP network offers from top brands

Menu

For Advertisers

List Your Affiliate Program

iGaming Services

Services Categories

For Advertisers

Sell My Product or Service Now!

Get More Players and Affiliates

Sell Product or Service

Got Questions?

Get in touch!

I need some linux/SQL security help

Get exclusive CAP network offers from top brands

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

Featured Programs

List Your Affiliate Program

Services Categories

Sell My Product or Service Now!

Get in touch!