Results 1 to 4 of 4

Thread: phpmyadmin hacked

  1. June 23rd, 2009 #1
    maddentim
    maddentim is offline Just Give Me the Beans!
    Join Date
    Nov 2006
    Beans
    75

    phpmyadmin hacked

    I made a bad mistake with the apache configuration for a phpmyadmin on a server of mine and i was attacked by this sql injection attack: http://www.hackerscenter.com/index.p...ction-RCE.html

    So somebody hacked my phpmyadmin install recently and now I am trying to decide what needs to be done to clean it up. The server does not host valuable websites itself but does contain valuable data and code. Once I realized I had been hacked, I took phpmyadmin out of apache and then did a complete purge of the package and all its configuration files. Then I reinstalled it. phpmyadmin seems to be fixed (including the bonehead error on the apache2 config), but I am concerned what else an attacker might have does while it was hacked. It was several days before I realized the trouble.

    If it was just a vandalism thing and purging/reinstalling phpmyadmin fixes it, then I'll let it go. But I don't know enough to say that.
    Advanced reply Adv Reply  
  2. June 23rd, 2009 #2
    philcamlin's Avatar
    philcamlin
    philcamlin is offline May the Ubuntu Be With You!
    Join Date
    May 2009
    Location
    Canada
    Beans
    1,204
    Distro
    Ubuntu

    Re: phpmyadmin hacked

    id be fins with it then

    how do you know your hacked? i have php admin installed...
    How to get involved with the community Read the code of conduct before you post Free ubuntu Pocket guideLearn the commands!
    Always make your posts detailed and search before you post!
    Ubuntu User: 834502
    Advanced reply Adv Reply  
  3. June 24th, 2009 #3
    maddentim
    maddentim is offline Just Give Me the Beans!
    Join Date
    Nov 2006
    Beans
    75

    Re: phpmyadmin hacked

    The first sign I had was that I could not log into phpmyadmin. It said something about an invalid host. in digging around about the error, I found about about the attack and they changes made. Basically, the file config.inc.php in /var/lib/phpmyadmin was changed to something else (an normal install has an empty file there. the one ubuntu uses is somewhere else) Where the hostname for phpmyadmin is specified is had phpinfo() inserted. You are probably safe. I had my apache configured incorrectly such that certain phpmyadmin directories where not protected as they should have been.
    Advanced reply Adv Reply  
  4. June 25th, 2009 #4
    WitchCraft's Avatar
    WitchCraft
    WitchCraft is offline Iced Almond Soy Ubuntu, No Foam
    Join Date
    Feb 2008
    Location
    readlink("/proc/self/exe"
    Beans
    1,120
    Distro
    Ubuntu Development Release

    Wink Re: phpmyadmin hacked

    Quote Originally Posted by maddentim View Post
    I made a bad mistake with the apache configuration for a phpmyadmin on a server of mine and i was attacked by this sql injection attack:
    LoL, check the logfiles, find the IP, find the ISP, find the tech/legal contact mail-address, write an E-Mail asking them to stop servicing that hacker / issue him a warning.

    Don't ask for his address, they have to abide data privacy protection laws and taking the necessary legal action is too expensive anyway. Besides, it might just be a stupid kid who doesn't know what he/she is doing.
    Last edited by WitchCraft; June 25th, 2009 at 12:11 PM.
    In a world without walls and fences, who needs Windows and Gates?
    Linux is like a wigwam.... no Gates, no Windows but Apache inside!
    http://www.debianadmin.com
    apt-get install libstdc++6-4.3-doc
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct