Re: Shell Shocking

Rolf Hopkins Tue, 13 Feb 2001 07:17:08 -0800
What you have just described means that database permissions have not been
set up correctly and your ISP has left himself wide open for all kinds of
attacks and I'm not just talking about attacks on the database itself but
also attacks on the whole system.  Ie access to unix root. DOS, etc

Read the security section of the manual, it will give you some idea of how
it is done.  I would say your ISP is one of these dotcom companies that are
out for a few quick bucks and don't know what they are really doing.

Cheers

Rolf

----- Original Message -----
From: "Mikel King" <[EMAIL PROTECTED]>
To: "clay bond" <[EMAIL PROTECTED]>
Cc: "mysql@lists. mysql. com" <[EMAIL PROTECTED]>
Sent: Tuesday, February 13, 2001 21:18
Subject: Re: Shell Shocking


> Problem is that most ISPs can't afford a competent DBA...;(
>
> clay bond wrote:
>
> > On Tue, 13 Feb 2001, Donald Korth wrote:
> >
> > > The hosting company has given me a user name and passwd . When i log
into my own site thro' a telnet session i 'm able to view all the databases
created in the server that includes DBs not created by me  . I also did a
"USE DB" command to connect to a DB that wasn't mine . Also "Show tables"
faithfully listed all the tables in the DB . I even  was able to run a
"SELECT " on a login table table to list all the user names and passeords
listed with the company .
> > > What do i make of it ???? An admin lapse or a inherent limitation of
MySQL as the support guy makes it out . But the latter is hard to believe.
> > > Any suggestions on  how to make my DB invisible on other Logins ?????
> > > Any help will be deeply appreciated .
> >
> > If your db is anywhere near critical, I would change
> > to an ISP with a competent DBA, if I were you.
> >
> > --
> >  /"\
> >  \ /    ASCII RIBBON CAMPAIGN
> >   X     AGAINST HTML EMAIL
> >  / \    AND POSTINGS
>
>
> ---------------------------------------------------------------------
> Before posting, please check:
>    http://www.mysql.com/manual.php   (the manual)
>    http://lists.mysql.com/           (the list archive)
>
> To request this thread, e-mail <[EMAIL PROTECTED]>
> To unsubscribe, e-mail
<[EMAIL PROTECTED]>
> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php


---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
Re: Shell Shocking

Reply via email to
