I found the problem. There was a problem with FTP security, and a member decided to look in my PHP files and find my MySQL password. He then, obviously, used that MySQL password to trash our database.
Mystery solved. - Jefferrs "R'Twick Niceorgaw" <[EMAIL PROTECTED]> wrote in message 000601c1800f$423b1e80$273abe18@utkalika">news:000601c1800f$423b1e80$273abe18@utkalika... > move to a unix box never trust IIS/W2k ! > > -----Original Message----- > From: G Schneider [mailto:[EMAIL PROTECTED]] > Sent: Saturday, December 08, 2001 10:39 AM > To: [EMAIL PROTECTED] > Subject: [PHP-WIN] my MySQL hacked? > > > Okay, okay okay... > > I got up this morning to discover that my MySQL server has had ALL its > databases DELETED except for the mysql.* one. > > When looking in the mysql.user table, I discovered that there were now TWO > "root" users - except the new one required NO password. > Also, another root-access user had been given a twin (same username), but > requiring no password. > > Into the bargain, all records on the mysql.db table had been erased. > > Now what the HELL do you think caused this? > > The server is protected by a firewall, running on IIS5/Windows2000, and > nope - nobody with root access gave their password away. > > Could it have been a virus? This morning several viruses were cleared off > the hard-drive of the server (uploaded by members). Is there a virus that > can do this? If so, what is it? > > Thankfully the MySQL server was not available for general use (to our > members) but was undegoing a sort-of 'testing period'. So nothing important > was lost. But I don't want to see this happen again! So can anybody shed any > light onto what could have caused this?!??! > > Thanks, > - Jefferrs > > (p.s. this post is being cross-posted to both alt.comp.lang.php and > alt.php.sql) > > - Jefferrs > > > > > -- > PHP Windows Mailing List (http://www.php.net/) > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > > > > -- PHP Windows Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
