Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. General Support
  4. [1.10.x] Possible Database Hack

[1.10.x] Possible Database Hack

1 Dec 11, 2008 15:58    

My b2evolution Version: 1.10.x

A few days ago a little php file appeared in my /media directory. It launches what appears to be a log in screen. “ PENGINTAI DATABASE DAN QUERY EKSEKUTOR” is the title across the top of the screen. From what I can tell, it looks like it is a front end for someone to log into a mysql database, prompting for the host, user name, password, and database name.

The file’s appearance is NOT linked to anything B2E did. Rather, a weakness in the server configuration seems to have allowed someone access to this directory. That’s been addressed and the file has been deleted. What I don’t know is whether or not someone got access to the database, and if so, what they might have done with the content. As far as I can tell, clicking through posts on my blog, everything seems fine.

I’m trying to decided whether to pay a fee to have my prior database restored from backups, or I forge ahead using this one. Is there anything I can look for in the database or in the Admin area that might give me a clue as to whether or not the database is OK. Is my premise that if someone got access to the database they could inject bad code etc into the posts a correct one?

Lastly – the login info for the database is pretty strong – very long and complex user and database names. How secure is that info within B2E v1.10.2? I’m wondering what the odds are that someone actually gained access to the database, even with this front end in place.

Any advice on how to proceed here would be appreciated – I’m pretty much at a loss about what to do with this.

Back to top

2 Dec 11, 2008 16:49

tough call, comes down to how much peace of mind you want I suppose ... and how much the fee is ;)

evo's pretty good at security but, like any app that needs to connect to a database, it needs to have a file that contains your wonderfully strong details .... if the hacker could access your /media/ folder then how hard would it be for them to read /conf/_basic_config.php ?

¥

Back to top

3 Dec 11, 2008 17:49

Thanks - that's useful information.

My site is hosted on a shared server, and apparently there was a configuration problem with my /media directory that made it possible for other users on the server to access it. If the security on the /conf/ folder remained sound, so that it could not be accessed, then I may not have a problem.

I'll check on this with the web host.

Back to top

4 Dec 11, 2008 18:33

/media/ problem just means "they could write a file"

if they had access to write that then I'll pretty much guarantee they could read any / every file in your web root

¥

Back to top

5 Dec 11, 2008 18:50

Thanks Yabba.

The tech support person I talked with said that the /conf file was never set to "world readable" and he didn't think any of the files in it could have been accessed.

It's probably better to be safe and restore the backup. Would I need to do any additional configuring or installation once the database is restored?

Back to top

6 Dec 11, 2008 19:02

*if* you want ultimate peace of mind .... change hosts ( just kidding, they sound like nice guys ;) ) ... pay for the restore and change your database user / pass ( you'll need to change /conf/_basic_config.php settings to match ).

¥

Back to top


Form is loading...