Security Basics mailing list archives

Re: System Hacked from MySQL Insecurities


From: bernie () e-mich com
Date: Thu, 6 Jan 2005 12:23:03 -0500

Yes, it is definitely possible and easy to exploit MySQL.  Are you allowing port
3306 to accept connections from the outside world?

Also, did you set a root password for root, as the default install does not?

Are you running a firewall, and if you are, are you only allowing access to port
3306 from certain IPs or subnets?

These are all questions that you should know the answer to, or you should not
be running a public database server.  If you cannot answer these questions and
need some help, let me know; I will try to help if I can.

B. Johnson


Quoting Kalpin Erlangga Silaen <kalpin () solonet co id>:

Dear all,

Several days ago, someone hacked my test box using the latest FreeBSD.
He explained that he rooted my box because he knows my root mysql
password. Is it possible to hack a system via MySQL? Or did he just trick
me and try to hide his way? I am using MySQL 4.0.18 for FreeBSD.
My system details:

OS: FreeBSD 5.1
MySQL version: 4.0.18
Port : 3306

I opened port 3306 from the Internet, so people can use this if they have
access/username to MySQL.

Thank you.

--
---
Kalpin Erlangga Silaen
mailto: kalpin () solonet co id
URL: http://www.warningnews.com
YM: kalpinus
MSN: kalpinus
IRC: mesra.dal.net nick Kalpin






----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
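
An added example, not part of the original message or of MySQL itself: a small Python audit of the points raised in the reply above (a root account without a password, accounts accepted from any host, and a server listening beyond loopback). The account rows and my.cnf text are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data, not from the thread. Rows have the shape returned by
#   SELECT Host, User, Password FROM mysql.user;
SAMPLE_USERS = [
    ("localhost", "root", ""),        # root left without a password
    ("%", "root", "<hash>"),          # root accepted from any host
    ("192.0.2.%", "app", "<hash>"),   # limited to one subnet
    ("localhost", "", ""),            # anonymous account
]
SAMPLE_MY_CNF = "[mysqld]\nport = 3306\n# bind-address = 127.0.0.1\n"


def audit_users(rows):
    """Return one finding per risky property of each (host, user, password) row."""
    findings = []
    for host, user, password in rows:
        name = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"{name}: anonymous account")
        if password == "":
            findings.append(f"{name}: empty password")
        if host == "%":
            findings.append(f"{name}: accepted from any host")
    return findings


def exposed_to_network(cnf_text):
    """True unless [mysqld] disables TCP or binds only to a loopback address."""
    section, bind = "", None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld" and line:
            key, _, value = line.partition("=")
            key = key.strip().lower().replace("_", "-")
            if key == "skip-networking":
                return False
            if key == "bind-address":
                bind = value.strip()
    try:
        return bind is None or not ipaddress.ip_address(bind).is_loopback
    except ValueError:  # hostname or wildcard: treat as exposed until checked by hand
        return True


if __name__ == "__main__":
    for finding in audit_users(SAMPLE_USERS):
        print(finding)
    print("listening beyond loopback:", exposed_to_network(SAMPLE_MY_CNF))
```

A server that reports as listening beyond loopback still needs the firewall rule the reply asks about; the script only checks the MySQL side.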

