Database Issues

AbbieRose

New member
It recently came to my attention that a bunch of websites that I had worked on had database vulnerabilities. It was such a simple hack, and it wasn't my fault. It has since been resolved.

Do you have these things tested on your sites?
 
Depends on the test. We do a number of internal tests, we also use McAfee and Comodo for their server intrusion and site security scans (those scans pick up all sorts of stuff on servers that we lock down).

I'd be interested to hear what intrusion you run into and what test you ran to check and resolve it. If you'd prefer to discuss this or share code via PM, please do so - I'm always looking at extra security - even for the HD Forums here since we maintain the servers for them!
 
It seems that you have faced the issue of SQL injection. In this, code is injected and it exploits a security vulnerability which occurs in the database layer of an application.
 
I haven't checked into the databases on the sites that I work with, but we did just have a problem with one of them last weekend. There was some vulnerability that a hacker got into. We resolved it, but it took a few days.
 
Mod_Security is designed specifically to prevent SQL injection attacks. If you have a good Mod_Security Ruleset, that will go a long way to protect all MySQL Databases on the server.
 
No, that is one thing I need to look into. But most of the hosting services have good security, hence I don't get bothered.
 
Why will that make sure that the attacks don't happen? Will that prevent hackers from changing the code? I wouldn't have thought of that, but it sounds like a good defense.
 
While the DB itself might be secure, the PHP or ASP files might have some exploits and as such, it's important to make sure that the script you're using is secure, as if it's not, you'll probably get hacked, especially if you're using an outdated script that's well-known (yes, even commercial ones).
 
Most times when I see or hear about this going on, someone thinks they know everything about everything and 'tinker around' then poof, script and exploit out the wazoo. :(
 