Securing a database

**BANDIT007** · 03.09.10, 14:36

PisS on the database name...just rename pass , perm the main thing if u r using lava mainly...just use ur brain and think how the script u r using can be injected

Added after 3 minutes:

If he has edit ur config then it means that he has gues ur paswrd or has used bruteforce enter ur cpanel

**robzky** · 03.09.10, 14:47

Renaming a table is not a solution for this problem, explore and learn.

**ewanz** · 03.09.10, 15:34

give some hint and tips plezzz..

**robzky** · 03.09.10, 15:41

how about our deal before?

**i0nutzxp** · 03.09.10, 17:03

mysql_real_escape_string
$id = (int) $_GET['id'];
replace all sql injection used chars
and many other

**ewanz** · 03.09.10, 18:39

i have alredy did it bef0re.. But still happened t00.. He can c0nquer the database.. H0w t0 bl0ck it?

**m4ster_v4** · 03.09.10, 19:18

er..

Originally posted by ewanz View Post

i have alredy did it bef0re.. But still happened t00.. He can c0nquer the database.. H0w t0 bl0ck it?

Maybe they does't know ur table prefix/name.. they just use current connection from ur db and sent a command that does't need calling table name.. (maybe).. maybe all ur data had been sent to outsider..

**DiL** · 04.09.10, 03:50

add mysql_real_escape_string in your site on every GET and POST
eg;
if your line is like this for GET
$id = $_GET['id'];

than change it as

$id = mysql_real_escape_string($_GET['id']);

for more you can visit php.net

**~~akela~~** · 04.09.10, 04:59

create database password that are very complex to understand. don't use simple password as text or numbers. create different database name and database user name. you may change config permission of that script. you may set config permission as 444 etc that means other user can not hacked .

**ewanz** · 06.09.10, 11:49

i think s0.. But h0w can they kn0w the db user n pwd to connect the db outsider.. Is it phpmyadmin hack?

**something else** · 06.09.10, 11:55

They have probably got a shell script on your server to get your database details

**ewanz** · 06.09.10, 12:21

i had disable the shell excuted in my server and off the uploder.. It possible... S0 c0nfuse n0w

**something else** · 06.09.10, 12:25

how did you disable them ... as there is either a hole there or via sql injection of by use of a wml variable if wml is used?

**ewanz** · 06.09.10, 13:35

hole? I d0nt use wml.. Can u give s0me example,

Securing a database

Securing a database

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment