MySQL server is dragging someone else's dreamH DB!


#1

OK, can anyone answer this one for me?

My CMS site was working fine until last night when suddenly instead of displaying plumbing information it showed Pokemon information!

No settings in my SQL have been changed and the connection details in my PHP file are correct.

With that in mind I'm stumped why it's happening!?!

I'm on gambino and have submitted several support tickets but as of yet haven't received a reply (which is unusual for DreamHost, usually pretty fast)


#2

Check your database tables via phpMyAdmin or SQL dump to see if it’s your database that has become filled with pokemon content for some reason.

We don’t want Pokemon when we’re loading Mario Bros, DH !!

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

Hi sxi

I have checked my database and it's all perfect! This is what's confusing me. It's all original and nothing is incorrect. If I log into the admin area of the CMS it shows the pages I can edit etc. These all appear to be correct.


#4

Could you provide a link to your site?



#5

Thanks for your help but I've gone down the aggressive route and backed up the SQL and deleted the database. Will do a clean install of the CMS software. If I get any more poke-bloody-mon I'll let you know!


#6

I’ve seen that sort of behavior when script-kiddies run something they found on a haxx0r site. Sometimes it results in an “index.html” file being uploaded to your directory. Since there is an order of precedence for what files Apache loads as default, this page will override your index.php page.

If that’s what happened you may not have actually lost the files you started with. While your method is sound in terms of making sure all the sketchy files are gone, a fresh install of the CMS will not have any 3rd party add-ons or modules that you installed.

This isn’t a problem if you didn’t install any, but the site won’t run off a restored database if you did have extensions. This can be somewhat of a foo unless you reinstall every extension before restoring your database backup. With most CMS exploits I’ve encountered it’s typically 3rd-party extensions that are compromised rather than the core CMS code. That’s why I suspect there may be extensions for your site.

I’d grab some copies of the various automatic backups of your website soon. You might be able to get a copy prior to the exploitation, but it’ll be overwritten soon if you grab nothing. You might not need those backups, but better safe than sorry.
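
Added example, not code from the thread or from any poster: a check for the situation described in #6, where a dropped index.html takes precedence over the CMS's index.php. It walks a web root and reports every directory in which an earlier index file hides a later one, and whether the file being served is the newer of the two. The `DIRECTORY_INDEX` order, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Assumed DirectoryIndex order (index.html ahead of index.php). Check the
# host's real Apache setting; this list is not taken from the thread.
DIRECTORY_INDEX = ["index.html", "index.htm", "index.php"]


def find_shadowed_indexes(webroot, order=DIRECTORY_INDEX):
    """Return (directory, served, shadowed, served_is_newer) tuples for every
    directory where an earlier DirectoryIndex entry hides a later one."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        present = [name for name in order if name in files]
        if len(present) < 2:
            continue  # only one index file here, nothing is hidden
        served = present[0]
        served_mtime = os.path.getmtime(os.path.join(dirpath, served))
        for shadowed in present[1:]:
            shadowed_mtime = os.path.getmtime(os.path.join(dirpath, shadowed))
            findings.append(
                (dirpath, served, shadowed, served_mtime > shadowed_mtime))
    return findings


def build_sample_site(root):
    """Constructed sample tree: a CMS index.php plus a later index.html."""
    os.makedirs(os.path.join(root, "admin"))
    paths = {
        "index.php": 1_000_000,
        "index.html": 2_000_000,  # written after index.php
        os.path.join("admin", "index.php"): 1_000_000,
    }
    for rel, mtime in paths.items():
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(full, (mtime, mtime))  # pin mtimes so the result is stable
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for d, served, hidden, newer in find_shadowed_indexes(build_sample_site(tmp)):
            age = "newer than" if newer else "older than"
            print(f"{d}: {served} is served and is {age} the hidden {hidden}")
```

A served index.html that is newer than the index.php it hides is worth comparing against a backup taken before the site changed; modification times can be altered, so treat the flag as a lead rather than proof.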