How to determine if someone is accessing our database remotely?
Posted
by
Vednor
on Pro Webmasters
See other posts from Pro Webmasters
or by Vednor
Published on 2013-11-01T19:01:10Z
Indexed on
2013/11/01
22:12 UTC
Read the original article
Hit count: 187
I own a content publishing website developed using CakePHP(tm) v 2.1.2 and 5.1.63 MySQL. It was developed by a freelance developer who kept remote access to the database which I wasn’t aware of. One day he accessed to the site and overwrote all the data. After the attack, my hosting provider disabled the remote access to our database and changed the password. But somehow he accessed the site database again and overwrote some information. We’ve managed to stop the attack second time by taking the site down immediately. But now we’re suspecting that he’ll attack again.
What we could identified that he’s running a query and changing every information from the database in matter of a sec.
Is there any possible way to detect the way he’s accessing our database without remote access or knowing our Cpanel password? Or to identify whether he has left something inside the site that granting him access to our database?
© Pro Webmasters or respective owner