How to determine if someone is accessing our database remotely?

Posted by Vednor on Pro Webmasters See other posts from Pro Webmasters or by Vednor
Published on 2013-11-01T19:01:10Z Indexed on 2013/11/01 22:12 UTC
Read the original article Hit count: 187

Filed under:
|

I own a content publishing website developed using CakePHP(tm) v 2.1.2 and 5.1.63 MySQL. It was developed by a freelance developer who kept remote access to the database which I wasn’t aware of. One day he accessed to the site and overwrote all the data. After the attack, my hosting provider disabled the remote access to our database and changed the password. But somehow he accessed the site database again and overwrote some information. We’ve managed to stop the attack second time by taking the site down immediately. But now we’re suspecting that he’ll attack again.

What we could identified that he’s running a query and changing every information from the database in matter of a sec.

Is there any possible way to detect the way he’s accessing our database without remote access or knowing our Cpanel password? Or to identify whether he has left something inside the site that granting him access to our database?

© Pro Webmasters or respective owner

Related posts about database

Related posts about hacking