
Help! Database Invasion!!! - Webmasters - Nairaland


Help! Database Invasion!!! by Opengates(m): 11:52pm On Jan 17, 2015
Hello Everybody in the house,

Please, I need help before my website is turned into something else by these crooks. I noticed that somebody created tables in my database, which is very strange to me. Not only that, some of my members' account details were changed.

Now, the help I need is: is there a way by which I can protect my database data, especially sensitive data like email addresses and payment details? If I use MD5 to encrypt these data, will the system recognize the real data when it comes to processing payments for the members? Please just teach me what to do, I am tired of these rogues. I don't even know if it was coming from my hosting service provider's end or not.

PLEASE HELP BEFORE IT IS TOO LATE!

Thanks in advance
Re: Help! Database Invasion!!! by Nobody: 1:28am On Jan 18, 2015
First of all, you shouldn't be using md5 for encryption. It is extremely easy to know the "encrypted value" because it keeps on producing the same "hash" for the same string. Even the folks behind PHP don't recommend its usage. Well, if you are using PHP, you should take a look at the "password_hash" function. It doesn't generate the same hash for the same string, unlike md5. Since it doesn't produce the same value, there's another function that helps you cross-check the hashed value: password_verify. You can use it to hash anything, NOT only passwords.

Filter any input that has to interact with your db. Remove all tags, whitespaces AND escape them with the real escape function.

Switch to PDO or mysqli if you are still using mysql, since the mysql extension is deprecated. I really can't tell if it's that one causing problems. (Let the ogas come)
Re: Help! Database Invasion!!! by adewasco2k(m): 8:06am On Jan 18, 2015
You are surprised to see a strange table in your database? Really? How did you think that got there? You have been hacked, bro.

Also, which kind of sensitive data? You made mention of payment details... you really need to do something ASAP.
Re: Help! Database Invasion!!! by javijabor1(m): 9:52am On Jan 18, 2015
Kindly drop your site URL so we can take a look from the front end and also know the kind of sensitive data.
Did you build it from scratch or did you use a CMS like WordPress and the likes?

Might be SQL injection.
Re: Help! Database Invasion!!! by dwebdesign(m): 12:41pm On Jan 18, 2015
SALT your passwords. You can use md5 hash encryption too, just in a more secure way, e.g.
md5(md5("userspassword".$email)).
That means you add your user's entered password to the email address and hash them using the md5 encryption. Then you also hash the whole encrypted string. Do this and your site is secured. Using SALT is also the best advice.

Also, for better security, MYSQLi is recommended, so it will be best to upgrade your database SQL version.

contact:
Mobile: 08133884165
WhatsApp: 08133884165
BBM: 2BB63350
http://www.1st-websitedesign.com
I am a website developer skilled in languages such as: HTML/HTML5, CSS/CSS3, PHP, MYSQL, Javascript/Jquery, JqueryMobile, Ajax. CMS (Wordpress, Joomla, Opencart, Magento, Whmcs, Drupal and Pulse Cms).
Re: Help! Database Invasion!!! by spikesC(m): 1:56pm On Jan 18, 2015
dwebdesign:
SALT your passwords. You can use md5 hash encryption too, just in a more secure way, e.g.
md5(md5("userspassword".$email)).
That means you add your user's entered password to the email address and hash them using the md5 encryption. Then you also hash the whole encrypted string. Do this and your site is secured...

Never double hash a string; it does not help.
Download the latest PHP documentation and learn the best way to store a password.

@op;
If you do not know programming, then no one can help you with just codes. You need to hire a security expert to find out what's going on and then give his results to a developer to fix your site.
It also seems you're storing users' payment details? That's so freaking bad. You've broken so many laws, ethics and codes of conduct by doing that.
To store users' sensitive payment details, you have to meet some requirements.

Please, get a security expert and fix things asap before it gets out of hand
Re: Help! Database Invasion!!! by dwebdesign(m): 8:08pm On Jan 18, 2015
I just used a string as an example ooo. What I was saying is this: when they enter their passwords, before it is sent to your database, encrypt the password, then append it to the email supplied, also encrypted using md5, then you hash the whole encryption again.

If you use crackstation to check, it would not reveal the password string.

Re: Help! Database Invasion!!! by guru01(m): 11:37pm On Jan 18, 2015
@op contact your hosting company to report this issue.
Get a professional developer to develop your website.
Re: Help! Database Invasion!!! by micodon(m): 1:40am On Jan 19, 2015
Defence in Depth: ALWAYS FILTER INPUT FROM USERS BEFORE SAVING.

MD5 IS A BAD IDEA FOR HASHING PASSWORDS. CAN BE CIRCUMVENTED USING RAINBOW TABLES. There's bcrypt (uses Blowfish) and SHA512.

ALWAYS SALT YOUR PASSWORD.

USE PREPARED STATEMENTS.


And I do hope you're not talking about information_schema.
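
The advice repeated across the replies above (password_hash with password_verify, PDO, prepared statements) put together in one place, as an added example that is not code from any poster in this thread. The members table, the register() and login() function names and the sample credentials are assumptions constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite keeps the example offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (email TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Hypothetical helper: store a new member with a salted, slow password hash.
function register(PDO $pdo, string $email, string $password): void
{
    // password_hash() generates a random salt and embeds it in its output.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO members (email, pw_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => $hash]);
}

// Hypothetical helper: check a login attempt against the stored hash.
function login(PDO $pdo, string $email, string $password): bool
{
    // The value is bound as data; it is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT pw_hash FROM members WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data.
register($pdo, 'ada@example.com', 'correct horse battery');

// Correct password, then a wrong one.
var_dump(login($pdo, 'ada@example.com', 'correct horse battery'));
var_dump(login($pdo, 'ada@example.com', 'wrong password'));

// Input containing a quote and SQL text is compared as an ordinary string,
// so it matches no row instead of changing the query.
var_dump(login($pdo, "ada@example.com' OR '1'='1", 'anything'));

// Two hashes of the same password differ because each carries its own salt,
// yet both verify. md5() of the same input never changes, which is what
// precomputed lookup tables rely on.
$a = password_hash('secret', PASSWORD_DEFAULT);
$b = password_hash('secret', PASSWORD_DEFAULT);
var_dump($a !== $b, password_verify('secret', $a), password_verify('secret', $b));
var_dump(md5('secret') === md5('secret'));
```

A hash can only confirm a value that someone presents again; it cannot give back an email address or payment detail for later processing.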


Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved.