UBB.threads PHP Forum Software Community Forums UBB.threads 6 Version 6 Support What needs to be altered to change the database password/access details?

What's the procedure for changing the password?

I take it this would be a wise step after having a server hacked, no?

I would think so, the DB name and password is all over config files - unencrypted. I used to be able to run a perl script in my directory executing system commands which gave me access to all other accounts on the same server. I was able to read any file anywhere is I wanted to. Now it is all tight though.

Darn, so what are all the steps that I have to take to make my Threads database secure again?

Well it depends on how much you're concerned about extra security. If you have a Control/Admin Panel provided by your hosting company, you can change DB password in there and then in config.inc.php file.

You can also remove DB information from config.inc.php altogether and place it in separate file

<?php
$config['dbtype'] = "mysql";
$config['dbserver'] = "localhost";
$config['dbuser'] = "blah";
$config['dbpass'] = "blahblah";
$config['dbname'] = "blah";
?>

behind public html directory, you should have some sort of protected folder provided by your hosting company. Then you can include this separate file in the config.inc.php

include("/usr/home/blahblah/protected/separateconfig.php");

However, if you save threads configuration from the CP it will overwrite config.inc.php to its original condition, so you will have to modify CP as well (*sigh*)

I suppose if you're on Unix you can move config.inc.php into protected directory and tell your server to look for it there, via symlink or something.

I would personally just change the password, but then again I do not know your set up, so never mind.

Many thanks! So the minimum I should do is change the password in CPanel and in the config.inc.php file, right?

Before that I should just shut down the board, change the password in these two places (in any order), and then reopen it?

Yeah, you can change the password from .threads CPanel by going to DB,Paths & URLs, then you do not need to touch config.inc.php at all it will all be done for you. This will be the password that .threads uses to access your database. But most importantly you have to be able to change the password for the actual database as well, and this should be possible from the CPanel provided to you by your hosting company.

So yeah, shut the board, change the database password using CP provided by your hosting company, then change the password using CP provided by UBB.threads, open the board.

Either I am truly blind or I cannot see the option to change the password in CPanel under MySQL.

Do I actually need to delete the user... and then add the user again?

Some hosts provide an option to have separate passwords for FTP, DB, Mail and CP. If this is the case then you should have an option for just DB password change. However, there is a possibility that you have a single password for everything. You should better ask your hosting company how to change your DB password before you do anything.

The password is separate, but in CPanel when I click on MySQL I can't see the option to change a database user's password... hmmm..

You need to be in the phpmyadmin portion inside the cPanel mysql page to make the changes. There's a link for it in there somewhere.

Actually, a lot of hosts do not allow changing of the servers sql password within phpmyadmin (as with creating a new database) and it needs to be changed within the hosts control panel itself.

As for within threads, you can just adjust the config file manually, or the option within the configuration pages (I don't have a .t install available to me at the current moment to lookup the exact location offhand, but it should be one of the first links in the .t control panel).

Ok, here's another question which worries me a lot more...

How come when I log into WHM and go into the MySQL functions I have an option to change the user password.... but most of the names listed shouldn't even be there?

You'd have to ask your webhost, as the WHM contorl panel has nothing to do with UBB (or Groupee in genreral).

Can I find out from the WHM what account (I run a dedicated server) that database user is on?

It should list, somewhere, the various MySQL users and the databases that they have access too; unfortunately without knowning the CP in question it makes it slightly hard to give any exact information...

It should have a link, somewhere, to edit the MySQL variables (as any good GUI cp does).

WHM should have a link to phpMyAdmin - the name of the database will be prefaced with the account username.

So if the database username is joe and the account name is mysite the username really will be mysite_joe on a Cpanel server.