Announcement

Collapse
No announcement yet.

Is there a way to log sql modifications of a particular value?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is there a way to log sql modifications of a particular value?

    I recently had a very scary thought.

    What if a hacker gained full access to the mysql database, they could change the subscriptions paypal email, and if they're not stupid, they would change it 2.5 hours per day and revert it, so they would hijack 1/10 of the subscriptions and the owner would not notice anything suspicious, so they could continue forever.

    Is there a way to be protected from such a hack? Or at least is there a way to get alerts or log the changes made to the paypal email in the mysql database ?

  • #2
    The best way to protect from such attacks is to make your server is secure. vBulletin has no control over direct access to MySQL. The simplest way to protect MySQL is to make sure that remote access is extremely limited, if not disabled altogether. Using a different user and strong password for every database is also recommended. Don't use your root user for access. MySQL also supports "At-Rest Encryption" to protect against an overall server breach but that won't protect against using a proper username and password.

    vBulletin does not log queries. There are various methods to log changes via the MySQL Server and covered in their documentation.

    In vBulletin 5, it is recommended to use the latest supported version of PHP, strong passwords with the Argon2id password scheme, and multi-factor authentication for Administrators and Moderators.



    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API

    Comment


    • #3
      Originally posted by Wayne Luke View Post
      The best way to protect from such attacks is to make your server is secure. vBulletin has no control over direct access to MySQL. The simplest way to protect MySQL is to make sure that remote access is extremely limited, if not disabled altogether. Using a different user and strong password for every database is also recommended. Don't use your root user for access. MySQL also supports "At-Rest Encryption" to protect against an overall server breach but that won't protect against using a proper username and password.

      vBulletin does not log queries. There are various methods to log changes via the MySQL Server and covered in their documentation.

      In vBulletin 5, it is recommended to use the latest supported version of PHP, strong passwords with the Argon2id password scheme, and multi-factor authentication for Administrators and Moderators.


      ok I understand you don't have to explain me how sql works, I respect that

      Anyway I thought of a way to detect that kind of sneaky attack and though it's not 100% perfect I'm going to share it regardless.
      Create a cron job to backup the datastore table every 30min for 24h. Then compare the backups manually to see if some settings were changed. This way you should be able to detect an automated hack of your important settings. It's not 100% bulletproof but that's good enough for me.

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...
      X