- This topic is empty.
-
AuthorPosts
-
December 11, 2007 at 5:01 pm #756212
prettieMemberDidn’t hear nothing about sql logger. Are you hosting your sites on shared hosting or on your own server?
December 11, 2007 at 5:13 pm #756215Anonymous
InactiveIts on a dedicated server, so its my own pretty much. I dont have a binary log of SQL looking into that as we speak
just got done backing up the entire site/sql
December 11, 2007 at 5:32 pm #756219
prettieMemberI suppose that you are running mysql as database server. There is option to log all queries and connected usere, but you need to restart mysql server with some new command line options. But I don’t think that that will solve your problem.
What would I do in your place?
First I would change all passwords including root password. If this happening every day at same time than it must be scheduled somehow. I would look at cronjobs. Then my own scripts, proccesses. I would also do a grep search on hole system with some keywords like table name that are dropped.December 11, 2007 at 5:56 pm #756222Anonymous
InactiveNo unusual cron jobs, (the time is not exact each nite, nor can i really say it is every night)
no bad results on rootkit scan (new dl scan)
sql only listens on localhost
I am going to try and grep the text and see what i get
December 11, 2007 at 7:08 pm #756228Anonymous
InactiveThis is probably obvious but you do put all your variables in the mysql_real_escape_string() before they go into the db?
December 11, 2007 at 7:50 pm #756230Anonymous
InactiveFor the most part yes, id be more amazed if this is the cause.
I setup mysql binary logging so i should have the answer tomorrow
December 11, 2007 at 7:56 pm #756231Anonymous
InactiveRewards affiliate id 69998 is an ass… lol this pisses me off
December 11, 2007 at 9:36 pm #756238Anonymous
Inactiveallfreechips – is this guy hacking into your db?
If so ill get on it straight away.December 12, 2007 at 1:41 am #756267Anonymous
Inactive@Renee 147799 wrote:
allfreechips – is this guy hacking into your db?
If so ill get on it straight away.yeah he used that for my zodiak link
December 12, 2007 at 1:42 am #756268Anonymous
InactiveOK mate consider it fixed
December 12, 2007 at 1:48 am #756269Anonymous
InactiveWow… this is crazy. :whoa:
Who is this rogue affiliate? Is he a member of CAP?
December 12, 2007 at 2:09 am #756271Anonymous
InactiveI don’t think the offender is an affiliate of CAP…
Cheers
December 12, 2007 at 4:24 am #756281Anonymous
InactiveTy Renee! I hate hese people with the nerver to do such things, I should know his access point by tomorrow

and his IP
December 12, 2007 at 4:40 am #756283Anonymous
InactiveExcellent. Please PM me your info once you have it so I can record it on our end.
CheersDecember 12, 2007 at 2:31 pm #756312Anonymous
InactiveSomehow he is running a VB cron that initiates a TRUNCATE TABLE, then addds all the data back in.. strill tracking the entire process
IP 75.83.153.248
– – [10/Dec/2007:18:55:07 -0600“GET /phpBB2/cron.php?rand=911745 HTTP/1.1” 200 43 “http://www.allfreechips.com/casino_guide/no-deposit-casinos.html” “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)”
-
AuthorPosts