
I'm guessing I got hacked.

Posted: 21. June 2007 18:19
by MikesTooLz
My server stopped a couple of times so I checked to make sure everything was ok.

As far as the websites go, everything is working fine. They can access the Databases and everything like normal.

I try to log into phpmyadmin to get a better look at the databases and this message pops up.

Code:
#1045 - Access denied for user 'pma'@'localhost' (using password: YES)


I opened up the config.inc.php and found this.

Code:
$cfg['Servers'][$i]['controlpass']   = 'ShitFace';


Someone changed the password for pma to ShitFace. I don't remember what it was set to before and all passwords I've tried fail.

What should I do and how do I prevent them from doing it again?


__________edit________
I also noticed
Code:
$cfg['Servers'][$i]['auth_type']     = 'config';

and changed it to cookie. This let me login to phpmyadmin.
Once I was logged in I looked at the pma user and it had a blank password so I changed that and set it in the config.inc.php

The pma account was also granted access to shut down the server. I'm guessing this is why it would stop.

Posted: 24. June 2007 23:07
by Rhodesia
FIRST, tell me, did you change or rather set the MySQL root user's password in the xampp/security file?

To be safe, you can drop the root user altogether (if you want to...)
FIRST log in to phpmyadmin, click the privileges link in the right window, click the root user and scroll down to the part that says:
Change Login Information / Copy User
Change the root username to a different name, then set a password using textfield, retype it to verify it is the same, then at the bottom of the right frame Create a new user with the same privileges and ... keep the old one.

Reload privileges for the server.

Once your new user is created, log out as the root user and then log in to the server as the new user you just created, click privileges and delete the root user account. (NOTE: you will need to change any connections to the database in your website scripts to reflect the new user and password since root no longer exists)

Now, onto your problem...
PMA user password is blank by default, you should leave it set as you have done to be safe. It is also allowed to shut down the server, you can deny PMA that privilege, but now that you password protect that user you will be safe from future problems.

Leave the settings as you have now changed them, that is fine and no one will be able to get into your MySQL server again.
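
An added example, not part of either post and not XAMPP or phpMyAdmin code: a small Python check that reads the text of a config.inc.php and flags the two settings this thread turned on, auth_type set to 'config' and a blank controlpass. The sample config is constructed, and the `$i++` block layout, the 'password' and 'controluser' keys and the function names are assumptions of the example.

```python
import re

# Matches lines such as: $cfg['Servers'][$i]['auth_type'] = 'config';
SETTING = re.compile(
    r"""^\s*\$cfg\['Servers'\]\[\$i\]\['(?P<key>\w+)'\]\s*=\s*
        (?:'(?P<sq>[^']*)'|"(?P<dq>[^"]*)"|(?P<bare>\w+))\s*;""", re.VERBOSE)

# Constructed sample: server 1 mirrors the weak settings, server 2 the corrected ones.
SAMPLE = r"""
$i++;
$cfg['Servers'][$i]['auth_type']     = 'config';
$cfg['Servers'][$i]['password']      = '';
$cfg['Servers'][$i]['controluser']   = 'pma';
$cfg['Servers'][$i]['controlpass']   = '';
$i++;
$cfg['Servers'][$i]['auth_type']     = 'cookie';
$cfg['Servers'][$i]['controluser']   = 'pma';
$cfg['Servers'][$i]['controlpass']   = 'constructed-placeholder';
"""

def parse_servers(text):
    """Return one dict of settings per server block (a block starts at $i++)."""
    servers, current = [], {}
    for line in text.splitlines():
        if re.match(r"\s*\$i\s*\+\+\s*;", line):
            if current:
                servers.append(current)
            current = {}
        elif (m := SETTING.match(line)):
            # Exactly one of the three alternatives matched; '' is a valid value.
            current[m["key"]] = next(v for v in m.group("sq", "dq", "bare") if v is not None)
    if current:
        servers.append(current)
    return servers

def audit(text):
    """Return (server_number, finding) tuples for the settings discussed in the thread."""
    findings = []
    for n, s in enumerate(parse_servers(text), start=1):
        if s.get("auth_type") == "config":
            findings.append((n, "auth_type 'config': no login prompt, stored credentials are used"))
            if not s.get("password"):
                findings.append((n, "stored password is blank or unset"))
        if s.get("controluser") and not s.get("controlpass"):
            findings.append((n, "controlpass is blank or unset"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"server {n}: {finding}")
```

Commented-out settings are ignored because the pattern only matches lines that begin with `$cfg`.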