Re: allow_url_fopen ini directive not enough


 



Greg Donald wrote:
> On Fri, 10 Dec 2004 22:00:43 +0000, KJ <kelvinj@xxxxxxxxx> wrote:
>
>> 5. Joe Hacker has studied the script coz he's a tart that wants to piss
>> people off and he has found a vulnerability.
>> 6. Joe Hacker uses the vulnerability to change your account passwd. He
>> then logs in as you and deletes all your files. He has access to your
>> mysql password which was in the config file of phpMyFantasticGuestbook
>
> Why would you allow your MySQL user to connect from anywhere besides
> your web server?  Remote MySQL connections are a big no-no.

No remote connection, quote: "Joe Hacker uses the vulnerability to change your account passwd. He then logs in as you and deletes all your files". He's logged onto your box, local connection.

>> and he deletes all your data, he then leaves a nice index.php in your
>> account to say that he's been by.
>
> Sorry to hear that, I'd recommend you stop using
> phpMyFantasticGuestbook immediately.  And anything else you don't feel
> paranoid about to audit.

phpMyFantasticGuestbook doesn't actually exist, it was a scenario to try to explain the issue.



Thanks.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

