Kodii 0 Posted March 26, 2015 Share Posted March 26, 2015 Hello, I come to ask you some information about a subject. Recently, several servers (including mine) are deleted tables in the database. We made several test and it would pass through a port. The Port 15000 (BIND_PORT) Whoever is in the DB config file. Alternatively, I thought it could come from DB_PORT and DB_ADDR. But I'm not sure. Mysql connections are secure. Have you ever heard of this? Thanks Link to comment Share on other sites More sharing options...
Kodii 0 Posted March 27, 2015 Author Share Posted March 27, 2015 In fact, I do not know if it goes through this port. But I really think it requires the user localhost. I am on line 2012. You have an idea? Link to comment Share on other sites More sharing options...
Alina 235 Posted March 27, 2015 Share Posted March 27, 2015 Are you sure the mysql connections are secured? Maybe you made a mistake there, e. g. you gave a user password to someone and he leaked or misused it. Or maybe you made a mistake with locking everything up. Most attacks are made by the homepage. People break in there and are able to launch sql statements there since most SQL users used for homepages have too high privileges. We need a bit more information if you want us to help you. I know those things are private so maybe you can provide us with logfiles so we can see what actually happened there. Otherwise it's impossible for us to track down the way he breached your security for you Link to comment Share on other sites More sharing options...
Premium Galet 515 Posted March 27, 2015 Premium Share Posted March 27, 2015 Some French server have this problem, but there's some possibles fix found by us both : -Rename MySQL databases and decrease the localhost power. -Block all the entries in port 15000 except "localhost". -Change the port. Link to comment Share on other sites More sharing options...
Alina 235 Posted March 28, 2015 Share Posted March 28, 2015 Port change isn't going to work. Normally the firewall should deny P2P ports and the db cache port. But that's not quite doing it. The dbcache is only a part, the gamecore instead also needs database access and connects with it. So I guess connecting from outside to the dbcache won't do the trick alone. Especially no one out there could actually manage to make use of that. Buuut what's more important is that there may be security breaches you aren't aware of. Most people don't know their homepage script well. It's, as I said, the most cause of trouble since if there's something an attacker could use, he'd easily get access to the database. And not everyone limits permissions, so most likely they'll get root access in worst cases. Then there's nothing to wonder about if they delete the database. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now