I am running a medium size php/mysql website. In the last days I recieved more and more mysql errors due to url tempering. Now my website went down for at least 5 minutes, or more detailed the database server mysql 3.x went down. In the apache logs I found requests like
"connection:close" comming from unspecified clients.
Change your mysql username privileges so that logins can only come from localhost.
Make sure the phpmyadmin conf file isn't visible to outsiders - it has your mysql database passwords in it.
Consider using deparate usernames/passwords for each mysql database, so that if a password becomes known, only one database is open to attack.
Make sure you have no usernames/passwords visible in plain text form in
any world-readable files. Assuming that hackers aren't able to access
known usernames/passwords, they may use brute force attacks to guess
user/password combinations, so make sure your usernames aren't obvious
and that your passwords are strong (ie, not words from a dictionary, combination of numbers and letters, uppercase/lowercase, etc.).
My understanding (limited) is that connections closing isn't necessarily a sign of illicit behaviour, depending on which log file they're in and the context of their appearance.
If you think you're a target, change all your passwords (in case they are known) and tighten your security.
Peter.
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
