hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Mysql attacked
Reply

Forum Jump

Mysql attacked

Reply Post New Thread In Hosting Security and Technology Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old
Web Hosting Guru
 
Join Date: Apr 2005
Location: Singapore
Posts: 302

Mysql attacked


My mysql server is attacked heavily to one site on my server and make whole server load extremely high up to 120 and memory usage up to 90%
My server is dual opteron 244 with 4GB ram.
Any idea to prevent Mysql attack?



Sponsored Links
  #2  
Old
Web Hosting Master
 
Join Date: Oct 2004
Location: Kerala, India
Posts: 4,740
Can you make it a little more clear? Is it like the connections are not properly closing?
A poorly coded script can cause this. A little more explanation is appreciated.

  #3  
Old
Web Hosting Guru
 
Join Date: Apr 2005
Location: Singapore
Posts: 302
somebody attack my server sql remotely make all the queries can not be completed

Sponsored Links
  #4  
Old
Aspiring Evangelist
 
Join Date: May 2004
Posts: 448
Are they attacking the mysql server directly or using one of the insecure php scripts you have in your server?

If it is the former case, make sure that you don't have wild card entries under the hostname allowed for the database. If it is through some insecure php scripts, update the scripts, tighten php by disabling dangerous functions and install mod_security. These will add extra layers of security.

If you do not know how to do it, hire some good admin to do it.

__________________
Geeks4Help.com - leader in world class security and server management
With us in control of your servers, you can have your full night's sleep.

  #5  
Old
Web Hosting Guru
 
Join Date: Apr 2005
Location: Singapore
Posts: 302
They are attacking through search page of a phpbb forum

  #6  
Old
Web Hosting Guru
 
Join Date: Apr 2006
Posts: 296
Are you aware of SQL Injection ?

for example "SELECT * FROM Customers WHERE Name=" + variable, is the format in which you write your business logic. and if somebody passes variable as "'xyz'; delete from Customers" your entire query becomes

"SELECT * FROM Customers WHERE Name='xyz'; delete from Customers"

which is the way how someone can use search module or use any of your module to inject more dangerous sql and harm your server. Make sure phpbb forum is sql injection free, or if its not then disable the search till the time you resolve this issue.

__________________
- Akash Kava
My Blog
Web Atoms JS

  #7  
Old
Aspiring Evangelist
 
Join Date: Mar 2006
Posts: 418
what's your phpbb version that you are running? I would suggest you to install mod_security as geeks4help suggest and insert some rules that will help you elimiate the problems.

Reply

Related posts from TheWhir.com
Title Type Date Posted
Tesora's OpenStack DBaaS Supports MongoDB, Cassandra, Redis, and MySQL Web Hosting News 2014-05-23 14:53:11
Google Releases Hosted Database Service Cloud SQL to General Availability Web Hosting News 2014-02-12 13:46:02
Google Cloud Provides Support For Native MySQL Connections Web Hosting News 2013-11-01 14:36:06
PHP And MySQL Scaling: Preparing A Startup For Growth Blog 2014-04-24 13:27:35
Apache Malware Darkleech Spreads Rapidly with Increase in Attacks Web Hosting News 2013-07-03 12:11:03


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:
WHT Membership
WHT Membership



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?