Results 1 to 6 of 6
  1. #1

    Question mySQL & File Monitoring

    Hey everyone.

    I'm currently third and final year of my bachelors degree in New Zealand, bachelor of computing & information sciences.

    My final year project (not that big, its done concurrently with other papers), was to re-secure an OSCommerce website that was hacked because it wasn't upgraded, and therefore insecure. That's a whole other can of worms that I won't open right now, but the reason I'm coming to you now is for this reason;

    Having secured the website and patched any (known) holes, we need to keep an eye on things to check that nothing bad is happening. How we have been doing this so far is (probably a little.. "newbie" for want of a better word?):

    File Monitoring
    We have been downloading daily backups from the webhost and comparing them of the previous day (just the public_hml folder). This has actually proved pretty easy, as nothing really ever changes unless we change something. We've been using a tool called "Beyond Compare" - which is actually pretty good to use. It lists any files / folders that have changed and allows you to drill right down to the appropriate line number of whats been changed. This allows us to make a really quick decision as to weather the changes made were legit or not.

    Database Monitoring
    This is the part I really need help with - it's not very easy taking an entire database dump and comparing it with the previous days one to check for "malicious" entries, as malicious is a very ambiguous term to start with, and this file is literally thousands of lines long.

    Bare in mind that money is an issue here, we have practically no cash to play with, but really need a way to be checking for "malicious" mySQL changes, each day or each week if we can't get it done daily.

    Also bare in mind I am relatively new to an awful lot of this - so do go easy if I have missed something really obvious that we should be checking that we aren't. As always, suggestions are welcome

    Cheers. It's a great part to be part of this community which I am now visiting daily

  2. #2

    One option is to enable mysql logging and check for update and insert queries. You will get the user and the host who modified the table and the query used.

    Hope this helps.

  3. #3
    Thanks alfoos. Where can I enable this?


  4. #4
    Can't edit above post?? Have to wait 15 minutes. That's pretty silly. What if you make an EPIC mistake?


    I found this;

    However it seems to be a server-wide thing, we are on shared hosting for this site at the moment..

  5. #5
    You can enable logging in my.cnf


    create the file and it should be writeable by mysql process, then restart the service.

  6. #6
    Join Date
    Nov 2004
    Normally poor permissions are paving ways for PHP/MySQL related hacks. Make sure the config files are not writable globally, enabling suphp is a good idea.
    AssistanZ - Beyond Boundaries...
    Cloudstack Consultancy / 24x7 Web Hosting Support / 24x7 Server Management / Infrastructure Management Services
    Web & Mobile Apps Development / Web Designing Services / Php, Grails, Java Development

Similar Threads

  1. File Download Status/Monitoring
    By raidz in forum Hosting Software and Control Panels
    Replies: 0
    Last Post: 07-30-2009, 02:05 PM
  2. MySQL Monitoring
    By :Sye: in forum Web Hosting
    Replies: 5
    Last Post: 10-05-2007, 04:05 AM
  3. Monitoring Individual File Bandwidth Usage
    By xxkylexx in forum Hosting Software and Control Panels
    Replies: 2
    Last Post: 07-06-2006, 06:24 PM
  4. Replies: 4
    Last Post: 10-01-2001, 05:06 PM
  5. monitoring file usage
    By Svenneman in forum Dedicated Server
    Replies: 2
    Last Post: 08-18-2001, 06:39 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts