Tuesday, June 20, 2006

hacked

nice.

serversniff has a bunch of security-holes, and we are watching closely what people are doing here - and really, someone noticed that it was quite easy to get a glimpse of the mysql-log-database.

the evil hacker might have been a scriptkid, for he obviously got access to the mysql-db and used an unknown (at least to major search-engines) mysql-exploit-script, trying to create files on the system. the mysql-db died on the way to his goal.

the attacker created (and then deleted or emptied) several tables in the db mysql:

"SNOWHILL"
"db" - nice - contains all passwords from table "user" in cleartext!
"dat" - used to execute commands on the host
"fm" - contains php-code to upload files and execute commands
"local" - slightly different from "dat"
"sploitdb" - slightly different from "dat"
"wip3r" - slightly different from "dat"

It seems that the guy used at least 4 slightly different exploits targeting the same problem.

Better luck next time.

tom

5 comments:

Anonymous said...

Hello.

I was wondering if you could help me out by providing info on how you were able to secure your database. I think I may be suffering from the same problem.

My email address is aethermanas-at-contralux-dot-com.

Thank you.

thomas said...

there are three main reasons for mysql-dbs to get hacked:

1) a mysql-user root without any password
use mysqladmin to delete the user "test" and set a password for the mysql-user root that cannot be easily guessed
2) an unsecured phpmyadmin-installation
if you are using an insecure and easy to find webadmin-tool, think about password-protecting this stuff
3) an insecure webapplication using mysql
this is a bit too difficult to explain in three sentences.

but chances are that you fell prey to 1) or 2)

tom
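
Audit queries for reason 1) in the reply above and for the tables named in the post. This is an added example, not from the original post or its author. It assumes MySQL 5.7 or later, where the password hash is stored in `authentication_string` (older servers use the `Password` column); the 30-day window is an arbitrary choice.

```sql
-- Added example. Run as an administrative account; read-only queries.

-- 1) Accounts with no password set. The plugin column is shown because
--    socket-authenticated accounts legitimately have an empty hash.
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string IS NULL
   OR authentication_string = '';

-- 2) Anonymous accounts and the "test" user mentioned in the reply.
SELECT user, host
FROM mysql.user
WHERE user IN ('', 'test');

-- 3) Accounts allowed to read and write files on the server host
--    (the attacker in the post was trying to create files on the system).
SELECT user, host
FROM mysql.user
WHERE File_priv = 'Y';

-- Directory restriction for file import/export; an empty value means no restriction.
SHOW VARIABLES LIKE 'secure_file_priv';

-- 4) Tables in the mysql system schema that carry a name listed in the
--    post, or that were created recently. "db" is left out of the name
--    list because a table of that name is also a standard grant table.
SELECT table_name, engine, create_time
FROM information_schema.tables
WHERE table_schema = 'mysql'
  AND (table_name IN ('SNOWHILL', 'dat', 'fm', 'local', 'sploitdb', 'wip3r')
       OR create_time > NOW() - INTERVAL 30 DAY)
ORDER BY create_time DESC;
```

Any row from queries 1) to 3) that you cannot account for is worth fixing before looking further; rows from query 4) indicate that someone already had write access to the system schema.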
