Good morning.
Is there a way to make the MySQL database more secure to avoid hacking on my Joomla websites?
MySQL is a storage format. I don't see how, technically, a storage format can be more secure.
The server that hosts the MySQL may be insecure, or your password might be easy to guess, or several other things.
Why are you worried about this? Has something happened?
One thing that comes to mind is the option of only allowing local connections. If you block remote connections, then your MySQL database cannot be accessed (or hacked) from a remote server, although that obviously doesn't protect it from other kinds of hacking (for example, hacking the server and accessing it locally then), and you couldn't use it remotely yourself if you needed to.
When you mention Joomla, it sounds like Joomla might be the security problem-- if they're hacking Joomla to get to the database, then it doesn't matter how secure your database is, because Joomla must have access to the database.
As the phrase goes (more or less), the security is only as strong as the weakest link.
Daniel - Freelance Web Design | <?php?> | <html>| Deutsch | italiano | español | português | català | un peu de français | Ninasoma Kiswahili | 日本語の学生でした。| درست العربية
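The local-connections-only option mentioned in the post above is set in the MySQL server's configuration file. As an added example (not part of any post in this thread), the Python below audits a `my.cnf` for it using the real `bind-address` and `skip-networking` options. Assumptions: the sample configs are constructed, only the `[mysqld]` section is read, and a missing `bind-address` is treated as listening on all interfaces (MySQL's default).

```python
import ipaddress

# Constructed sample my.cnf contents (not taken from the thread).
SAMPLE_OPEN = "[client]\nport = 3306\n[mysqld]\ndatadir = /var/lib/mysql\nbind-address = 0.0.0.0\n"
SAMPLE_LOCAL = "[mysqld]\nbind_address = 127.0.0.1   # loopback only\n"
SAMPLE_SOCKET_ONLY = "[mysqld]\nskip-networking\n"

def mysqld_options(text):
    """Return the options of the [mysqld] section; '-' and '_' in names are equivalent."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "mysqld":
            key, _, value = line.partition("=")
            name = key.strip().lower().replace("_", "-")
            opts[name] = value.strip().strip("\"'")
    return opts

def remote_exposure(text):
    """Classify the listener as 'socket-only', 'local-only' or 'remote'."""
    opts = mysqld_options(text)
    if opts.get("skip-networking", "off").lower() not in ("0", "off", "false"):
        return "socket-only"                         # no TCP listener at all
    # Assumption: no bind-address means all interfaces.
    for entry in opts.get("bind-address", "*").split(","):
        entry = entry.strip()
        if entry.lower() == "localhost":
            continue
        try:
            if ipaddress.ip_address(entry).is_loopback:
                continue
        except ValueError:
            pass                                     # '*' or a hostname: assume reachable
        return "remote"
    return "local-only"

if __name__ == "__main__":
    for name, cfg in [("open", SAMPLE_OPEN), ("local", SAMPLE_LOCAL),
                      ("socket", SAMPLE_SOCKET_ONLY)]:
        print(name, "->", remote_exposure(cfg))
```

A "local-only" or "socket-only" result covers only the network listener; as the post says, it does nothing about access gained through the web application or the server itself.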
Thank you for your immediate reply.
Basically, I'll be careful about Joomla core and their extensions.
Is this a theoretical problem? Have you actually been hacked? Are you trying to fix something that is broken, or are you trying to avoid the theoretical potential hacking that might occur?
As I said, if this is about Joomla, then it's not a question of MySQL. It's about Joomla (and PHP).
I'm not sure why you're worried about it though-- everything might break or be hacked-- your computer, your server, any software, whatever. But why Joomla in particular?
I'm not aware of any specific security flaws, and if there is something you're worried about, the best thing to do is probably to update to the latest version of Joomla and post your concerns at the Joomla support website to see if they can be resolved-- if it's a serious security concern, I expect they'd be happy to fix it (and that they'd do it quickly).
Daniel - Freelance Web Design | <?php?> | <html>| Deutsch | italiano | español | português | català | un peu de français | Ninasoma Kiswahili | 日本語の学生でした。| درست العربية
If you're on a shared server (as most people are), you need to understand that there is a degree of insecurity that cannot be avoided. What it comes down to is this: every user on a particular machine can get at anything, with very little effort.
I'm not suggesting you actually try this.
Writing a script to read a directory tree is *very simple*. Your website must contain your DB credentials in at least one spot, so it's just a matter of finding the right file. There is no way to close this vulnerability except getting a [virtual] private server.
There are many other avenues of attack as well, of course; and most people on shared servers are not "out to get" someone on the same server. However, if one site is broken into, all sites on the shared server should be considered compromised as well.
As Daniel asked, were you actually hacked?
-- tell your host.
-- try to determine how the attack was accomplished: what was the point of entry, what was the target?
-- review everything for vulnerabilities. Check your forms, GET variables, and anything that accesses the database or includes files based on user input.
Edit:
backup,
backup,
backup!!!
Last edited by traq; 01-23-2013 at 03:55 PM.
Adrian ~ facebook | gist/github
['66.215.156.37','208.75.149.97'] // ip,ip array!
"Take that sticker *off* your hat; you look stupid" --Wil Wheaton
The only thing I'll add to traq's post is:
--Tell the Joomla developers. They want to avoid this too.
(If it is due to a general problem with Joomla.)
Daniel - Freelance Web Design | <?php?> | <html>| Deutsch | italiano | español | português | català | un peu de français | Ninasoma Kiswahili | 日本語の学生でした。| درست العربية
Thank you traq and djr33 for your advice.
3 of my websites, hosted on the same server, were hacked a week ago.
Are you sure it was your database that was hacked? I believe djr33 was alluding to this earlier that it may be your php files that are giving the hacker access to your database.
I am only curious because I have a fair amount of experience with my website being hacked. The last time it happened I spent a few months doing nothing but researching how to improve the security on my website. I believe that it was traq that was kind enough to work with me on this. As it turned out the security that was put in place was quite timely because I was able to record several hack attempts almost immediately after they were all put in place.
To choose the lesser of two evils is still to choose evil. My personal site