#1
11-07-2009, 11:59 PM
Shin Noir

http://www.securityfocus.com/infocus/1726

Yeah, I'm not even sure how you set up your MySQL user accounts, but it's pretty obvious you 1) didn't disable the ability of users to remotely access your database, and 2) are using a generic, easy-to-guess password.

Navicat is just a MySQL query tool; your problem lies within how you configured MySQL, not in any program. You may want to read up on security practices in MySQL to understand your folly, and review all your configurations. Then top it off with reading how to disable other means of connection except for what you use (remote desktop, etc.).

But did you seriously think you WOULDN'T GET remotely attacked when you simply connect to Navicat and you have full access to your SQL database? :o
/scared

As Rogean said, user error.
__________________

~Shin Noir
DungeonEQ.com
#2
11-08-2009, 08:02 AM
Secrets

This sounds like a layer 8 problem for sure. I advise you use the OSI Model to solve this issue.
Quote:
Step 1, Physical Layer. Is your computer plugged in? Yes, it must be, someone got access to it. This must not be an issue.

Step 2, Data Link Layer. Is the attacker on my local network? Yes, because they got to:

Step 3, Network Layer. Is the attacker remotely attacking us? Yes. Let's check the layers to make sure this is the problem.

Step 4, Transport Layer. Is the port open? Yes, MySQL is open to the public. This could be a problem, especially if you have no password for MySQL.

Step 5, Session Layer. Is there a session opened for the communication? Yes, because with the information provided, they attacked you.

Step 6, Presentation Layer. Any encryption, etc? What file format was the attack in? Probably plain text, and you had no password to begin with. Oops.

Step 7, Application Layer. They got to MySQL on the other side, and you probably had a service running that allowed access to your computer from Windows. Or they used Navicat to start services. Either or, this leads us to:

Step 8 (?), User or Political Layer, "I HAD NO PASSWORD, NO SECURITY, NO NOTHING AND YET I GOT HACKED WTF?! WHAT IS THIS I DONT EVEN"
I hope that was informative to you for securing your server next time.
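An added example, not written by either poster: a small Python audit of the two things the thread points at, whether the MySQL listener is reachable from other hosts and whether any account has no password or accepts remote logins. The sample `my.cnf` text, the account rows (as you would read them from `mysql.user`; the hash column is `Password` on older servers and `authentication_string` on newer ones) and the `eqemu` account name are constructed for illustration.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}  # local-only auth, no password stored

def audit_config(cnf_text):
    """Return findings for [mysqld] options that expose the TCP listener."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cnf_text)
    if not cp.has_section("mysqld"):
        return ["no [mysqld] section: server runs with built-in defaults"]
    # MySQL treats '-' and '_' in option names as equivalent.
    opts = {k.replace("_", "-"): v for k, v in cp["mysqld"].items()}
    if "skip-networking" in opts:
        return []  # TCP disabled, only local socket/pipe connections remain
    bind = opts.get("bind-address")
    if bind is None:
        return ["bind-address not set: default is to listen on all interfaces"]
    if bind not in LOOPBACK:
        return [f"bind-address={bind}: reachable from other hosts"]
    return []

def audit_accounts(rows):
    """rows: dicts with user, host, auth (stored hash) and plugin."""
    findings = []
    for r in rows:
        who = f"'{r['user']}'@'{r['host']}'"
        if not r["auth"] and r["plugin"] not in SOCKET_PLUGINS:
            findings.append(f"{who}: no password set")
        if r["host"] not in LOOPBACK:
            findings.append(f"{who}: may log in from other hosts")
    return findings

# Constructed sample input, not taken from the thread.
SAMPLE_CNF = """
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""
SAMPLE_USERS = [
    {"user": "root", "host": "%", "auth": "", "plugin": "mysql_native_password"},
    {"user": "root", "host": "localhost", "auth": "*CONSTRUCTED", "plugin": "mysql_native_password"},
    {"user": "eqemu", "host": "127.0.0.1", "auth": "*CONSTRUCTED", "plugin": "mysql_native_password"},
]

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CNF) + audit_accounts(SAMPLE_USERS):
        print("FINDING:", line)
```

The parser assumes a plain option file without `!include` directives or inline comments.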
All times are GMT -4.

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.