Discussion:
MySQL table suddenly disappeared and a func table was created
(too old to reply)
w***@gmail.com
2007-04-02 05:04:52 UTC
Permalink
Hi, everyone. I am not sure if i am writing in the correct group. But
somehow it relates to MySQL, i hope someone can help me.

I am working on a web site which is developed by PHP and MySQL, hosted
by a hosting company. Last week, all tables in MySQL suddenly
disappeared and a "func" table is created there. I never create that
table in my database.

I asked the Hosting company what happened. The staff claimed that
most probably my computer was hacked and someone use the admin
password to delete all the tables. Or another possiblity is someone
use SQL injection to grab the database control through the web site.

So i follow their instruction to check my web log to see if any
suspected access and also i checked my program if there is hole for
SQL injection. But seems that is not the reason. Then i checked if
my computer is hacked. No signal that my computer was hacked.

Now they helped me to restore the database. But since the reason is
still unknown. It may happen again. I am wondering if anyone had
same problem before. I am appreciate if any feedback on this issue.
I really want to know the reason for the problem and try to prevent
it.

My local environment:
MacBook with Mac OS X 10.4.9
Using Aqua Data Studio to connect remote MySQL

Thanks for advanced.

Priscilla
Gordon Burditt
2007-04-03 23:25:00 UTC
Permalink
Post by w***@gmail.com
I am working on a web site which is developed by PHP and MySQL, hosted
by a hosting company. Last week, all tables in MySQL suddenly
disappeared and a "func" table is created there. I never create that
table in my database.
"func" is a table that appears in the "mysql" database to support
user-defined functions. Or it could be something entirely unrelated
except for the name.
Post by w***@gmail.com
I asked the Hosting company what happened. The staff claimed that
most probably my computer was hacked and someone use the admin
password to delete all the tables. Or another possiblity is someone
use SQL injection to grab the database control through the web site.
Possible. You do have backups, don't you? Of the site, the database,
*AND* the hosting company.
Post by w***@gmail.com
So i follow their instruction to check my web log to see if any
suspected access and also i checked my program if there is hole for
SQL injection. But seems that is not the reason. Then i checked if
my computer is hacked. No signal that my computer was hacked.
Now they helped me to restore the database. But since the reason is
still unknown. It may happen again. I am wondering if anyone had
same problem before. I am appreciate if any feedback on this issue.
I really want to know the reason for the problem and try to prevent
it.
There are a number of unlikely WHOOPS!! happenings that could happen.
A sector going bad or getting scribbled on during a power failure
(or employee tripping over power cord, or resetting the wrong
machine) could account for it.

Do you know what OS the MySQL server machine is running?
Priscilla
2007-04-07 12:11:11 UTC
Permalink
Gordon, thanks for your comment. I don't know what OS the MySQL
server machine is running.. But my web plan is using window server.
Maybe the MySQL server is also on Window platform.

Priscilla
Post by Gordon Burditt
Post by w***@gmail.com
I am working on a web site which is developed by PHP and MySQL, hosted
by a hosting company. Last week, all tables in MySQL suddenly
disappeared and a "func" table is created there. I never create that
table in my database.
"func" is a table that appears in the "mysql" database to support
user-defined functions. Or it could be something entirely unrelated
except for the name.
Post by w***@gmail.com
I asked the Hosting company what happened. The staff claimed that
most probably my computer was hacked and someone use the admin
password to delete all the tables. Or another possiblity is someone
use SQL injection to grab the database control through the web site.
Possible. You do have backups, don't you? Of the site, the database,
*AND* the hosting company.
Post by w***@gmail.com
So i follow their instruction to check my web log to see if any
suspected access and also i checked my program if there is hole for
SQL injection. But seems that is not the reason. Then i checked if
my computer is hacked. No signal that my computer was hacked.
Now they helped me to restore the database. But since the reason is
still unknown. It may happen again. I am wondering if anyone had
same problem before. I am appreciate if any feedback on this issue.
I really want to know the reason for the problem and try to prevent
it.
There are a number of unlikely WHOOPS!! happenings that could happen.
A sector going bad or getting scribbled on during a power failure
(or employee tripping over power cord, or resetting the wrong
machine) could account for it.
Do you know what OS the MySQL server machine is running?
Bill F
2007-04-06 14:13:39 UTC
Permalink
That's kinda curious that you web host's first suggestion would be they
were cracked. I would think they would not want to spread that.

Anyway, it was a good idea to check the logs, but my first thinking would
be hard\software glitch. Crackers tend to leave evidence. They want you
to know they did something.

I am by no means a MySQL or PHP guru but since I tend to do stupid things
to my files,like deleting the wrong one, I would check to see if there is
a way you code could have overwritten the tables. Could it be that someone
else's code\site on your web host hit you pages?

You also might find out what other kinds of things were done,
backup\restore of data or a hardware replacement even if it was not the
server your site is on. It could be related some how.

Sorry I could not give the magic bullet to fix you issue.

With that said check out this link. It mentions something about a
vulnorability
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html

Bill
Post by w***@gmail.com
Hi, everyone. I am not sure if i am writing in the correct group. But
somehow it relates to MySQL, i hope someone can help me.
I am working on a web site which is developed by PHP and MySQL, hosted by
a hosting company. Last week, all tables in MySQL suddenly disappeared
and a "func" table is created there. I never create that table in my
database.
I asked the Hosting company what happened. The staff claimed that most
probably my computer was hacked and someone use the admin password to
delete all the tables. Or another possiblity is someone use SQL injection
to grab the database control through the web site.
So i follow their instruction to check my web log to see if any suspected
access and also i checked my program if there is hole for SQL injection.
But seems that is not the reason. Then i checked if my computer is
hacked. No signal that my computer was hacked.
Now they helped me to restore the database. But since the reason is still
unknown. It may happen again. I am wondering if anyone had same problem
before. I am appreciate if any feedback on this issue. I really want to
know the reason for the problem and try to prevent it.
MacBook with Mac OS X 10.4.9
Using Aqua Data Studio to connect remote MySQL
Thanks for advanced.
Priscilla
Loading...