Page 1 of 1

mysql virus/error

Posted: Mon Feb 18, 2008 11:04 am
by fabby
Hi.
I don't know what to do...i have a site with announces, and from day to day disapear data from tables...from all the tables...it disapears categories, announces, etc. Don't know what to do...can you help me, pls?

Re: mysql virus/error

Posted: Mon Feb 18, 2008 11:21 am
by John Cartwright
It sounds more like an insecure script than it is a virus. First and foremost change all of your passwords. The rest is a bit dificult to determine because we've got so limited information. I would suggest going through your scripts and checking for vulnerabilities, such as using unsanitized user input. I.e. you should be using mysql_real_escape_string() on all input in your queries.

Re: mysql virus/error

Posted: Mon Feb 18, 2008 2:57 pm
by Benjamin
You don't by chance have a public page anyplace where records can be deleted with get requests do you?

Re: mysql virus/error

Posted: Tue Feb 19, 2008 12:24 pm
by fabby
but if it was a hacker, why it didn't delete all from my database?
i don't have a public page where to delete records.

i wil make a test..i will delete the admin pannel for 4-5 days to view if any of my categories is deleting....and i will test the login...because there you can delete some announces..and i will verify if is there a bug....

Re: mysql virus/error

Posted: Tue Feb 19, 2008 12:49 pm
by Benjamin
Well if google is nailing a page where records can be deleted, and your using GET requests instead of POST, that's probably the issue.

Re: mysql virus/error

Posted: Tue Feb 19, 2008 1:05 pm
by fabby
no, it isn't possible because it have to login :D

Re: mysql virus/error

Posted: Wed Feb 20, 2008 6:17 am
by Inkyskin
If you dont have any validation, google can very easily register/login - this happened to me a few years ago when I was just learning the basics.