MySQL Security Over Network
Nov 6, 2008
I have been working on quite a large project for the past few months, and have just thought of a new way to do something, so im just in the feasiblity stage of a particular component.
My question is, how secure is MySQL across a network, i.e. the internet.
Is the query string sent in plain text?
If so is there a way to secure MySQL commands over a network, so I can send "sensitive data"?
View 4 Replies
ADVERTISEMENT
May 13, 2008
I am building a website which require a data feed from a third party data provider. I have to fill out a 'questionair' when submitting my application and I'm not sure what to put for this questions.
Question: "Have you run a vulnerability assessment of network security? What is the current assessment rating?"
I Google'd for security rating but came up blank, without any useful result. Is there a level like 1-5 or something for network security rating? I m not sure what to put on here.
I'm not against getting a shared/virtual hosting account if the a host could provide me with these ratings.
View 2 Replies
View Related
Apr 16, 2009
I am intending to setup a network as the following:
NOC1:
Cisco/Dlink Managed Router
Firewall with DOSS protection
Server1
Server2
Server3
Backup Data Bank Drive
NOC2:
Cisco/Dlink Managed Router
Firewall with DOSS protection
Server4
Server5
Server6
NOC2 are backup servers. I will need to have whatever in NOC1 to be written to NOC2, i think is call IP mirroring or RAID , not too sure
My [url]is going to have nameserver1/2 to zoneedit. Zoneedit hosts reliable DNS servers. It also support something call failover.
So if NOC1 is down, i will switch to IP to NOC2 IPs.
Now, if i face a DDOS attack, i am suppose to switch to a DDOS attack managment company (with big bandwidth and blocking), is it as simple as switching the [url]to the DDOS attack management company using zoneedit and the company will than link back to my noc1/2 ?
How does it works?
Is the way i setup the network correct?
View 14 Replies
View Related
Jun 28, 2008
Any security risks with setting up server on home network? I would like to set up a computer running linux or xp as a computer on our home network. We have about 3 other computers on the same network.
My network manager says that it would be a security risk to the other computers on the network if I were to have the server running on the network. The server would be connected to a netgear wireless router and I would have ports 80 and 21 opened just for the internal ip address of the server. (for example, the server is on 192.168.0.3, and I had just the two ports open for it, while there were computers on 192.168.0.2 and 192.168.0.4).
The netgear router has a firewall built into it. Each of the other computers on the network have software firewalls. I would not have a firewall on the server, and I really don't care if someone hacks it. So, what at worst could happen? Would the other computers be at risk?
If you are a professional, I want your opinion also.
View 4 Replies
View Related
Sep 10, 2007
MySQL 5.0 supports stored procedures -- but is it safe to allow shared hosting customers to have privileges to create them? If the procedures are global, does that mean that:
a) one customer could write a procedure which accessed another customer's data?
b) any customer could call a procedure created by a different customer?
c) any customer could override an existing mysql function in a way that would affect other customers?
d) any customer could write a function that bound to a system library and crash the entire server instance?
View 8 Replies
View Related
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOs 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as apposed to 0755) than its parent but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
View 10 Replies
View Related
Oct 14, 2009
any experiences to report about purchasing used / refurb gear from either Network Liquidators (nweq.com) or Network Hardware (networkhardware.com)?
View 12 Replies
View Related
May 8, 2009
Since my /var partition is full, so I moved /var/lib/mysql to /backup/mysql/.
Seems all the files are copied and I changed my.cnf reboot mysql, but all the web sites using db is not working anymore..
View 4 Replies
View Related
Jan 21, 2007
I installed the MySQL binary packages in /usr/local/mysql/ after removing the MySQL RPM package. MySQL is functioning when I executed /usr/local/mysql/bin/safe_mysqld. I reinstalled MySQL before I installed PHP. When I used a PHP script to access a MySQL database, it outputs an error:
Code:
Warning: mysqli::mysqli() [function.mysqli-mysqli]: (HY000/2002): can't connect to local mysql server through socket /var/lib/mysql/mysql.sock in index.php on line 2
However, I installed MySQL in /usr/local/mysql, not in /var/lib/mysql. How do I fix MySQL?
View 1 Replies
View Related
Jun 16, 2008
For some reason mysql wont start, i have tried restarting mysql but it wont, it says FAILED. The mysql.sock file seems to have disappeared and i cannot find it anywhere.
View 5 Replies
View Related
Feb 11, 2008
I recently had a harddrive failure and luckliy I can still access certain directories on this failed drive. I can still access the /var/lib/mysql/ directory which holds all the users databases and have backed all these up separately using tar.
Now what I need to know is how do you restore these database files to another server? I tried simply untar'ing one of these to the new servers /var/lib/mysql/ direcotry and it stuffed Mysql up - it went offline. I had to get a cpanel tech to bring Mysql back online.
how can I get these database files to fully work on a new server?
View 2 Replies
View Related
Jul 16, 2009
I have regarding hosting/designing my application. Users of my website upload highly sensitive files to the server. I'll use SSL but will that be enough since the files are not encrypted on the server. I tried to encrypt the files but that is adding a huge overhead.
My first question is - is it a good idea to store the files on the server rather than a database? My other question is regarding hosting; I'm thinking of building my own server and host it in a colo. Is colo more secure than dedicated hosting? Currently i'm still in the process of developing my App and my environment is Windows Server 2008/SQL Server 2005.
View 13 Replies
View Related
Feb 9, 2007
Is there any problems with having duplicate rules in different files as I have downloaded some rules and am going to make them all into one file to give me the best protection, but this is going to take time and I really need some sort of protection now
View 2 Replies
View Related
Aug 25, 2007
after install ConfigServer Firewall i get the following ...
ConfigServer Security & Firewall - csf v2.89 >>
PHP Check >>
Check php for register_globals >>
WARNING >> You should modify the PHP configuration (usually in /usr/local/lib/php.ini) and set:
register_globals = Off
unless it is absolutely necessary as it is seen as a significant security risk
must i modify it?or not? put in ur consideration i tried to download it to modify an error occured!
View 2 Replies
View Related
Aug 24, 2007
I am on a shared server account with Lunar Pages basic hosting plan.
The only script file I have up running is db Masters FormM@iler. It runs on Cpanel. I deleted whatever other scripts I could find on my server. The site is just basic html pages with jpgs and a gif.
Is there much else I really need to do to secure the server or is that more in Lunar Pages' hands?
If there is still more I can do to secure the server, and is it a small amount that's easy to do or would it be wise to just hire someone else to put in a few hours making sure everything is truly set up securely?
View 5 Replies
View Related
Apr 23, 2007
I have a vps that has been exploited, and the hosting company is giving me advise on what to do to fix the security problems, but i need a good server administrator/company to help me with this. can anyone recommend a company that will go thru my server,
View 8 Replies
View Related
Mar 27, 2007
I'm inheriting a website that is currently a mess. It was designed in Joomla, but everything about the site by the original designer, is completely a mess. Files weren't placed in their proper directory hiearchy, the site has been hacked into a few times...basically a big headache.
I'm willing to learn and my first goal is the redesign the site. Currently, I'm looking at choosing a CMS or just rebuilding it in Joomla. The problem is that the site is a big part of the business, so any down time is not good.
I have some questions I hope you experienced folks can help me with...
Does CMS choice have any bearing on whether or not its a security vulnerability? If so, which one's are "less a target" of getting hit?
I just want to design the site from scratch and make it secure as possible from suggestions on various forums. I don't want to be a security admin, but is that what I'll end up having to do to run a site like this?
What are my options between "doing it myself" vs "hiring a third party"?
The company is right now in a tween stage. Fast growth but not enough to hire a security guy, based on my talks with the CEO. I disagree with this, but what can I do in the meantime to plug the site holes?
I'm almost wanting to go commercial so I don't have all the headaches, but the company wants to save money. What can be done in those situations?
Before I go out and spend money on books, what do you recommend I buy to start getting my feet wet in what may become a future in IT security?
This is from someone who's just inherited a dedicated server with a swiss cheese website. What is the first order of business for someone who is in the dark and will not get much support in regards to spending more money?
how do I secure my site "on my own"?
View 5 Replies
View Related
Feb 26, 2007
I noticed that my vps had utilized 250 gig of traffic in one day [i average 5 gig per MONTH] with cpu usage of close 100%; my hosting company pinpointed one php file which had allowed an outside varibale to be placed in "include" function so that the outside php code was being run;
Is there any program/scripts that can immediately email me if cpu usage stays high
the nic card is being utilized too much memory usage exceed certain levles this way, i would know i have been hijacked in time and try to find the culprit i use knownhost with cpanel/linux mysql and php.
View 5 Replies
View Related
Jul 21, 2007
i have an unix server [don't know what version i think it's FreeBSD ]
[url]
and i use WS_FTP to upload the files to my server.. but i have a big problem all my files are encrypted with some problems but when people use getrigh browser or some kind off program to acess my server instead of a normal browser it appears the list of files i have upload and they can download them and when i set password for images etc it's all safe, but people can't acess parts of the site without password... i want to know if there's some way of protect my file without interfering with the normal browser acess.
View 9 Replies
View Related
Jul 24, 2007
when we run server with shared hosting. we mostly facing issue os security like c9shell scripts.. as well as ppl hacked database or changed index.html. we do enable php open base dir as well as mo security firewall we do search which user is using find command who is uploading file... but is there any other way to secure server for such hacking issue..
View 5 Replies
View Related
Mar 26, 2007
I have run rkhunter and got message saying that /bin/dmesg [BAD]
# rpm -qf /bin/dmesg
util-linux-2.12a-16.EL4.20
# rpm -V util-linux-2.12a-16.EL4.20
.M...... /usr/bin/chsh
It looks like RPM damaged? How can I confirm it?
View 2 Replies
View Related
Jul 10, 2007
When securing a vps system, do things like Enable Shell Fork Bomb/Memory Protection use much memory or any other secuirty measure?
View 3 Replies
View Related
Oct 31, 2007
We have a e-commerce web site that has the latest shopping cart software ( that is known to be secure) ssl cert, etc.
We got a call today from a guy who says that he used his brand new card on our web site and that the card was stolen and used on anothoer site within hours. We have checked every file on the web site, logging into serevr root and checking everything and cant find any evidence of a hack or security breach of any kind.
can someone recommend a reliable company that can go in and check things out for us to see if they can find anny security issues, or evidence of a breach? There must be a company out there that does this sort of thing
View 4 Replies
View Related
Jan 17, 2008
Can someone recommended me some one with knowledge of mysql exploit or mysql injection, it seem to our VB forum have issue with database load..
View 5 Replies
View Related
Jan 15, 2007
I've been racking my brains with this problem for the last couple of months and have made zero progress. I've asked a lot of people if they know what might be wrong here, but none of them have any idea.
Basically, the problem is that any sort of service monitor I put on my server shows MySQL as being down/offline, even when I know for sure it's up and running perfectly fine. All other services report a green light.
The mysqld service is running on port 3306, which is open both inbound and outbound on my APF config, so as far as I can tell it's nothing to do with the firewall (I won't rule that out though).
The other odd thing is that MySQL shows a green light within WHM, but not anywhere else.
Does anyone know what might be wrong here? Am I missing something entirely fundamental and obvious?
View 11 Replies
View Related
Apr 8, 2008
I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts ? And how do they overcome these issues?
View 6 Replies
View Related
Jun 7, 2009
For security reason I have these php functiosn disabled:
show_source, system, shell_exec, exec, popen, proc_open, procopen, passthru
Can anyone please tell me whether if it will prevent shell scripts from working?
They can still upload the shells but cant read/write/execute commands in 777 directories?
View 6 Replies
View Related
Jul 16, 2009
I want to setup a Windows 2003 security policy to filter traffic.
I want to let most of the world through to port 80 so maybe just ban a few nuicance IP's.
But then I have a POP / IMAP server, VPN, SMTP, etc that I want to block all but UK IP addresses.
I know I can do this through the MMC snap in but this is 1000's of IP's.
Is there a way I can import a list/range of IP's that I want to block from a country IP database?
View 14 Replies
View Related
Oct 9, 2009
I have a Linux server in which i have two NIC's one is for the LAN and other is for the Internet
[root@nebula etc]# ifconfig
eth0 inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
eth1 inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
How can i test security between the Internet Nic and the LAN Nic to be sure no security leaks exist.
I can only access the server remotely no GUI but can install packages.
View 4 Replies
View Related
Mar 23, 2009
I am getting more into it and looking for the best way to harden it and secure it. Also some information about what processes to turn off and how to better setup my IP Tables.
View 8 Replies
View Related
Apr 24, 2009
So I've been using WHMCS for a while, and there's something I'm a little concerned about with the whole keeping customers credit cards for recurring payments.
I've downloaded a backup copy of the database and I see that the passwords and credit card information is encrypted. That's all nice and handy but the CC hash is also stored right in the configuration file. That means that if someone gains access to the server and just grabs the database + config file they would then be able to view all that info correct? Maybe someone who knows a little more about WHMCS can tell me if this is correct or not?
View 1 Replies
View Related