Announcement

**ffaBen** · Wed 6 Aug '03, 12:19pm

Sounds like they're probably going straight to the MySQL Database.
A few things you might want to consider:
a) If you're on a shared hosting package, someone else on the server might be able to retrieve your config.php and access your DB.
b) See if your host can protect MySQL from being remotely accessed, will probably be a bit useless if it's on the same machine as Apache, and the hacker has a shell session open on the server and connecting to it via that.

**kimtrish** · Wed 6 Aug '03, 12:24pm

Originally posted by ffaBen

Sounds like they're probably going straight to the MySQL Database.
A few things you might want to consider:
a) If you're on a shared hosting package, someone else on the server might be able to retrieve your config.php and access your DB.
b) See if your host can protect MySQL from being remotely accessed, will probably be a bit useless if it's on the same machine as Apache, and the hacker has a shell session open on the server and connecting to it via that.

hi, thanx for the super quick reply, its on a dedicated server.

not sure if that helps.

**mtha** · Wed 6 Aug '03, 1:23pm

- Change all root/admin/server passwords as well as MySQL root/account passwords
- Turn php safemode ON
- Check your web server (sites) to see if there's any strainge files and investigate it
- Check http access log
- temporary turn off/remove phpMyAdmin, set .htaccess to all important folders.

that's what I can think of for right now.

Good luck

my site was being forwarded to another site for a few minutes

Check your index.php files to see if it was changed.
Did you do a ping to your site, to see if it goes to the correct IP?
(otherwise, it would be DNS problem too)

It sounds like he got access to your ftp, or be able to view/change your files.

Announcement

Hacked again!

Hacked again!

Comment

Comment

Comment