Announcement

Collapse
No announcement yet.

Can hacker secretly compromise database?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can hacker secretly compromise database?

    Hi -

    I don't really think my box has been rooted, but I do have a little nagging feeling for some reason. I'm about to move to a new server so this old server itself I don't really care about -- however I'm curious - is it possible for a hacker to modify/insert things into my vB database that would then be carried over to the new server, thus giving them access to the new server as well? And if so, is there any feasible way to check for something like that?

    Heh I'm probably over-reacting I know. But I'm still curious about this. I'm trying to lock down my new box better than Fort Knox, but it would all be for nothing if it were compromised from within hehe

    Thanks in advance for the advice.
    Peace.
    -- David
    + TutorialForums.com
    + Photoshop-Tips.com

  • #2
    Hi,
    It happend to me once. Someone was able to change things in the database *directly* without hacking the root.

    I'm not sure how it happened. But I DID SAW IT

    I was using mysql on root and the guy kept changing cp password & admin email.

    I moved to another hosting company and things are OK now.

    This was 4 months a go & til this day I have no idea how it happned !!

    Take care,
    RL

    Comment


    • #3
      Unless someone inserted something into the internal MySQL user/permission database (*not* the vB user table, rather MySQL's internal tables that track who has permission to access what databases), and you move that database to the new server, anything someone inserted into the MySQL permission table would not carry over.

      This is all presuming the user somehow managed to get into the permission table in the first place.

      Comment


      • #4
        Ok cool... so basically you're saying that there's not really anything anyone could insert into my vBulletin database itself that could be used to compromise my new server (well besides a new vB 'administrator' user or something, but that would just give access to the forum not the server)... correct me if I'm mistaken.

        Thanks.
        -- David
        + TutorialForums.com
        + Photoshop-Tips.com

        Comment


        • #5
          Right, particurally considering that a database dump is just a series of MySQL statements and all they do is restore the db schema and contents, not permissions and users.
          --filburt1, vBulletin.org/vBulletinTemplates.com moderator
          Web Design Forums.net: vB Board of the Month
          vBulletin Mail System (vBMS): webmail for your forum users

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X