I need some linux/SQL security help

  • This topic is empty.
Viewing 15 posts - 1 through 15 (of 25 total)
  • Author
    Posts
  • #606381
    Anonymous
    Inactive

    Well im still getting a table dropped and created every night (containing my aff urls) and of course they are being altered.. I have been digging looking for direct SQL logging and of course reviewing the file system with no results. Anyone want to help me out that would be cool :)

    ty

    #756212
    prettie
    Member

    Didn’t hear nothing about sql logger. Are you hosting your sites on shared hosting or on your own server?

    #756215
    Anonymous
    Inactive

    Its on a dedicated server, so its my own pretty much. I dont have a binary log of SQL looking into that as we speak

    just got done backing up the entire site/sql

    #756219
    prettie
    Member

    I suppose that you are running mysql as database server. There is option to log all queries and connected usere, but you need to restart mysql server with some new command line options. But I don’t think that that will solve your problem.

    What would I do in your place?
    First I would change all passwords including root password. If this happening every day at same time than it must be scheduled somehow. I would look at cronjobs. Then my own scripts, proccesses. I would also do a grep search on hole system with some keywords like table name that are dropped.

    #756222
    Anonymous
    Inactive

    No unusual cron jobs, (the time is not exact each nite, nor can i really say it is every night)

    no bad results on rootkit scan (new dl scan)

    sql only listens on localhost

    I am going to try and grep the text and see what i get

    #756228
    Anonymous
    Inactive

    This is probably obvious but you do put all your variables in the mysql_real_escape_string() before they go into the db?

    #756230
    Anonymous
    Inactive

    For the most part yes, id be more amazed if this is the cause.

    I setup mysql binary logging so i should have the answer tomorrow :)

    #756231
    Anonymous
    Inactive

    Rewards affiliate id 69998 is an ass… lol this pisses me off

    #756238
    Anonymous
    Inactive

    allfreechips – is this guy hacking into your db?
    If so ill get on it straight away.

    #756267
    Anonymous
    Inactive

    @Renee 147799 wrote:

    allfreechips – is this guy hacking into your db?
    If so ill get on it straight away.

    yeah he used that for my zodiak link :(

    #756268
    Anonymous
    Inactive

    OK mate consider it fixed

    #756269
    Anonymous
    Inactive

    Wow… this is crazy. :whoa:

    Who is this rogue affiliate? Is he a member of CAP?

    #756271
    Anonymous
    Inactive

    I don’t think the offender is an affiliate of CAP…

    Cheers

    #756281
    Anonymous
    Inactive

    Ty Renee! I hate hese people with the nerver to do such things, I should know his access point by tomorrow :)

    and his IP

    #756283
    Anonymous
    Inactive

    Excellent. Please PM me your info once you have it so I can record it on our end.
    Cheers

Viewing 15 posts - 1 through 15 (of 25 total)