|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
What's the procedure for changing the password?
I take it this would be a wise step after having a server hacked, no?
|
|
|
|
Joined: Apr 2006
Posts: 116
member
|
member
Joined: Apr 2006
Posts: 116 |
I would think so, the DB name and password is all over config files - unencrypted. I used to be able to run a perl script in my directory executing system commands which gave me access to all other accounts on the same server. I was able to read any file anywhere is I wanted to. Now it is all tight though.
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
Darn, so what are all the steps that I have to take to make my Threads database secure again?
|
|
|
|
Joined: Apr 2006
Posts: 116
member
|
member
Joined: Apr 2006
Posts: 116 |
Well it depends on how much you're concerned about extra security. If you have a Control/Admin Panel provided by your hosting company, you can change DB password in there and then in config.inc.php file.
You can also remove DB information from config.inc.php altogether and place it in separate file
<?php $config['dbtype'] = "mysql"; $config['dbserver'] = "localhost"; $config['dbuser'] = "blah"; $config['dbpass'] = "blahblah"; $config['dbname'] = "blah"; ?>
behind public html directory, you should have some sort of protected folder provided by your hosting company. Then you can include this separate file in the config.inc.php
include("/usr/home/blahblah/protected/separateconfig.php");
However, if you save threads configuration from the CP it will overwrite config.inc.php to its original condition, so you will have to modify CP as well (*sigh*)
I suppose if you're on Unix you can move config.inc.php into protected directory and tell your server to look for it there, via symlink or something.
I would personally just change the password, but then again I do not know your set up, so never mind.
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
Many thanks! So the minimum I should do is change the password in CPanel and in the config.inc.php file, right?
Before that I should just shut down the board, change the password in these two places (in any order), and then reopen it?
|
|
|
|
Joined: Apr 2006
Posts: 116
member
|
member
Joined: Apr 2006
Posts: 116 |
Yeah, you can change the password from .threads CPanel by going to DB,Paths & URLs, then you do not need to touch config.inc.php at all it will all be done for you. This will be the password that .threads uses to access your database. But most importantly you have to be able to change the password for the actual database as well, and this should be possible from the CPanel provided to you by your hosting company.
So yeah, shut the board, change the database password using CP provided by your hosting company, then change the password using CP provided by UBB.threads, open the board.
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
Either I am truly blind or I cannot see the option to change the password in CPanel under MySQL.
Do I actually need to delete the user... and then add the user again?
|
|
|
|
Joined: Apr 2006
Posts: 116
member
|
member
Joined: Apr 2006
Posts: 116 |
Some hosts provide an option to have separate passwords for FTP, DB, Mail and CP. If this is the case then you should have an option for just DB password change. However, there is a possibility that you have a single password for everything. You should better ask your hosting company how to change your DB password before you do anything.
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
The password is separate, but in CPanel when I click on MySQL I can't see the option to change a database user's password... hmmm..
|
|
|
|
Joined: Jun 2006
Posts: 684
Addict
|
Addict
Joined: Jun 2006
Posts: 684 |
You need to be in the phpmyadmin portion inside the cPanel mysql page to make the changes. There's a link for it in there somewhere.
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
Actually, a lot of hosts do not allow changing of the servers sql password within phpmyadmin (as with creating a new database) and it needs to be changed within the hosts control panel itself.
As for within threads, you can just adjust the config file manually, or the option within the configuration pages (I don't have a .t install available to me at the current moment to lookup the exact location offhand, but it should be one of the first links in the .t control panel).
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
Ok, here's another question which worries me a lot more...
How come when I log into WHM and go into the MySQL functions I have an option to change the user password.... but most of the names listed shouldn't even be there?
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
You'd have to ask your webhost, as the WHM contorl panel has nothing to do with UBB (or Groupee in genreral).
|
|
|
|
Joined: Aug 2004
Posts: 460
Addict
|
Addict
Joined: Aug 2004
Posts: 460 |
Can I find out from the WHM what account (I run a dedicated server) that database user is on?
|
|
|
|
Joined: Jun 2006
Posts: 16,299 Likes: 116
|
Joined: Jun 2006
Posts: 16,299 Likes: 116 |
It should list, somewhere, the various MySQL users and the databases that they have access too; unfortunately without knowning the CP in question it makes it slightly hard to give any exact information...
It should have a link, somewhere, to edit the MySQL variables (as any good GUI cp does).
|
|
|
|
Joined: Jun 2006
Posts: 742
enthusiast
|
enthusiast
Joined: Jun 2006
Posts: 742 |
WHM should have a link to phpMyAdmin - the name of the database will be prefaced with the account username.
So if the database username is joe and the account name is mysite the username really will be mysite_joe on a Cpanel server.
|
|
|
Bots
by Outdoorking - 04/13/2024 5:08 PM
|
|
|
|
|
|
2 members (Ruben, 1 invisible),
998
guests, and
205
robots. |
Key:
Admin,
Global Mod,
Mod
|
|
|
|