
Thread: Protection of DB

  1. #1

    Good morning.
    Is there a way to make the MySQL database more secure to avoid hacking on my Joomla websites?

  2. #2

    MySQL is a storage format. I don't see how, technically, a storage format can be more secure.

    The server that hosts the MySQL may be insecure, or your password might be easy to guess, or several other things.

    Why are you worried about this? Has something happened?

    One thing that comes to mind is the option of only allowing local connections. If you block remote connections, then your MySQL database cannot be accessed (or hacked) from a remote server, although that obviously doesn't protect it from other kinds of hacking (for example, hacking the server and accessing it locally then), and you couldn't use it remotely yourself if you needed to.


    When you mention Joomla, it sounds like Joomla might be the security problem-- if they're hacking Joomla to get to the database, then it doesn't matter how secure your database is, because Joomla must have access to the database.


    As the phrase goes (more or less), the security is only as strong as the weakest link.
    Daniel - Freelance Web Design | <?php?> | <html> | español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
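An added example, not part of the original post: a check of whether a MySQL option file leaves the server reachable from other hosts, which is the "local connections only" setting described above. It reads the text of a single option file (settings from included files or the command line are not seen); `audit_mysqld` and the sample files are hypothetical names and constructed data.

```python
import ipaddress

def _is_loopback(addr):
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or another hostname: assume reachable

def audit_mysqld(cnf_text):
    """Return (exposed, reason) for the [mysqld] section of one option file."""
    section, bind, skip_net = None, None, False
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":      # comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower().replace("_", "-")   # MySQL accepts both spellings
        value = value.split("#")[0].strip().strip("'\"")
        if key == "skip-networking":
            skip_net = value.lower() not in ("0", "off", "false")
        elif key == "bind-address":
            bind = value                       # last occurrence wins
    if skip_net:
        return False, "skip-networking: TCP disabled, local socket only"
    if bind is None:
        return True, "no bind-address: server default listens on all interfaces"
    if all(_is_loopback(a.strip()) for a in bind.split(",")):
        return False, "bind-address is loopback only"
    return True, "bind-address %s accepts connections from other hosts" % bind

# Constructed sample option files, not taken from any real server.
SAMPLES = {
    "local":   "[client]\nport=3306\n[mysqld]\nbind-address = 127.0.0.1  # loopback\n",
    "open":    "[mysqld]\nbind_address=0.0.0.0\n",
    "default": "[mysqld]\ndatadir=/var/lib/mysql\n",
    "socket":  "[mysqld]\nskip-networking\nbind-address=0.0.0.0\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_mysqld(text))
```

A result of "not exposed" only covers the network listener; as the post says, the web application still has to reach the database locally.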

  3. #3

    Thank you for your immediate reply.
    Basically, I'll be careful about Joomla core and their extensions.

  4. #4

    Is this a theoretical problem? Have you actually been hacked? Are you trying to fix something that is broken, or are you trying to avoid the theoretical potential hacking that might occur?

    As I said, if this is about Joomla, then it's not a question of MySQL. It's about Joomla (and PHP).

    I'm not sure why you're worried about it though-- everything might break or be hacked-- your computer, your server, any software, whatever. But why Joomla in particular?

    I'm not aware of any specific security flaws, and if there is something you're worried about, the best thing to do is probably to update to the latest version of Joomla and post your concerns at the Joomla support website to see if they can be resolved-- if it's a serious security concern, I expect they'd be happy to fix it (and that they'd do it quickly).

  5. #5

    If you're on a shared server (as most people are), you need to understand that there is a degree of insecurity that cannot be avoided. What it comes down to is this: every user on a particular machine can get at anything, with very little effort.

    I'm not suggesting you actually try this.

    Writing a script to read a directory tree is *very simple*. Your website must contain your DB credentials in at least one spot, so it's just a matter of finding the right file. There is no way to close this vulnerability except getting a [virtual] private server.

    There are many other avenues of attack as well, of course; and most people on shared servers are not "out to get" someone on the same server. However, if one site is broken into, all sites on the shared server should be considered compromised as well.

    As Daniel asked, were you actually hacked?

    -- tell your host.

    -- try to determine how the attack was accomplished: what was the point of entry, what was the target?

    -- review everything for vulnerabilities. Check your forms, GET variables, and anything that accesses the database or includes files based on user input.

    Edit:

    backup,
    backup,
    backup!!!


    Last edited by traq; 01-23-2013 at 03:55 PM.
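An added example, not part of the original post: an audit of your own web root that lists database credential files whose mode lets group or other accounts on the machine read or write them, the exposure described above. It assumes Joomla's `configuration.php` as the file name; `exposed_configs` and `demo` are hypothetical names, and the demo tree is constructed.

```python
import os
import stat
import tempfile

# Joomla keeps its DB credentials in configuration.php; add your own apps' files.
SENSITIVE = {"configuration.php"}

def exposed_configs(webroot):
    """Return [(path, octal_mode)] for config files open to group or others."""
    loose = stat.S_IRGRP | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name not in SENSITIVE:
                continue
            path = os.path.join(dirpath, name)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            if mode & loose:
                findings.append((path, oct(mode)))
    return sorted(findings)

def demo():
    """Constructed sample tree: site1 has a loose mode, site2 a tightened one."""
    root = tempfile.mkdtemp()
    for site, mode in (("site1", 0o644), ("site2", 0o600)):
        os.mkdir(os.path.join(root, site))
        path = os.path.join(root, site, "configuration.php")
        with open(path, "w") as fh:
            fh.write("<?php /* constructed placeholder, no real credentials */\n")
        os.chmod(path, mode)
    return [(os.path.relpath(p, root), m) for p, m in exposed_configs(root)]

if __name__ == "__main__":
    print(demo())
```

Whether a tighter mode such as 0600 still lets the site run depends on the host executing PHP under your own account, which is an assumption to confirm with the hosting provider.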

  6. #6

    The only thing I'll add to traq's post is:
    --Tell the Joomla developers. They want to avoid this too.
    (If it is due to a general problem with Joomla.)

  7. #7

    Thank you traq and djr33 for your advice.
    3 of my websites, hosted on the same server, were hacked a week ago.

  8. #8

    Are you sure it was your database that was hacked? I believe djr33 was alluding to this earlier: that it may be your PHP files that are giving the hacker access to your database.

    I am only curious because I have a fair amount of experience with my website being hacked. The last time it happened I spent a few months doing nothing but researching how to improve the security on my website. I believe that it was traq that was kind enough to work with me on this. As it turned out the security that was put in place was quite timely because I was able to record several hack attempts almost immediately after they were all put in place.
    To choose the lesser of two evils is still to choose evil. My personal site
