Results 1 to 3 of 3
  1. #1

    I think mysql db was hacked

    Hi everyone,

    How could I check to see if a mysql database was hacked or see who the last person or IP was to login to the mysql server was? Can this be done with WHM or cPanel?

    The reason I ask is all sites on VPS account encountered mysql connection drops, then 10 minutes later all sites went down for 20 more minutes and when they came back up only one specific bit of data was missing. Data entered after the missing piece is still intact. When the sites were down I was still able to ping them with 0% loss.

    Thanks for any help.

  2. #2
    Join Date
    Feb 2002
    Vestal, NY
    Does anyone have a reason to sabotage your data? If there is not a good reason, it is probably some type of corruption or your host doing something weird. By default, MySQL doesn't do too much logging. I don't think records of each connection to databases is logged anywhere with any of the major control panels' default setup. You could try /var/log/mysql.log. Also check /var/log/secure for anything suspicious.
    If someone else setup your MySQL server, you might just have a query log running.. the path would be in your my.cnf file (usually in /etc or /root).

  3. #3
    Join Date
    Feb 2004

    Use 'w' in your system prompt and know the last login users. From that find the recently logged mysql time and user. Then go through the mysql and see the history of mysql queries used. Through,analyse the recently logged users and get back all the commited queries.

    Better, Secure your mysql server by giving limited priviliges.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts