Re: Hacked after installation of mysql on windows 2003 server?

From: tanyi (nids_at_gd.gov.cn)
Date: 03/11/05

  • Next message: sdfsdf: "can't access the netlogon folder" 
    Date: Fri, 11 Mar 2005 09:36:22 +0800

    http://www.securiteam.com/unixfocus/6E00T0KC0U.html
    see this, i think your box have this hole
    "Covani" <covani@betken.com> ????
    news:%23oDcgFaJFHA.3064@TK2MSFTNGP12.phx.gbl...
    > Hello,
    >
    > I have installed MySQL and phpmyadmin to my Windows 2003 Standart server
    > yesterday. I've entered a root password and had successfull created some
    > databases. Also I have installed Php 4 on the server.
    >
    > Today I had a big problem on my server, because all the files starts
    > with 'user' were deleted (users.dat, users.mdb, user.frm etc) Mailserver
    > didn't work anymore because there was a missing file named users.dat etc.
    >
    > After that I tried but I wasnt be able to create any files wherever
    > starts with 'user'. I tried on command prompt, but cmd.exe was changed
    > as Windows 2000 polish version. If typed 'ver' on command line, get
    > Windows 2000 Server etc.. with some polish words.
    >
    > I thought the server was hacked. Symantec Antivirus Corporate was up to
    > date but I think it was caused the new mysql installation and I did
    > something wrong.
    >
    > Now I have scanned the server with Symantec again but nothing found. I
    > still can't be able to create files/folders starts with 'user' and
    > reinstalling mysql doesnt work too.
    >
    > Do you have any idea about the issue? or did hear something like that?

  • Next message: sdfsdf: "can't access the netlogon folder"

    Relevant Pages

    • RE: MySQL/PHPMyAdmin on FC3 Connection Problem
      ... // You can disable a server config entry by setting host to ''. ... MySQL server ... MySQL control user settings ... table to describe the display fields ...
      (Fedora)
    • Re: Need Help setting up Mysql on Openserver 6.0
      ... > mysql> status ... > Server characterset: latin1 ... to make the proper selection during installation. ... was installed first in partition 1 and 6.0 was later installed in partition 2) ...
      (comp.unix.sco.misc)
    • Re: KDE is now broken (Fwd: Heads-up: KDE4 hitting testing tonight (UTC) )
      ... don't want to run an akonadi server either, ... KDE 4.0 was available. ... kmail) and I do not have a mysql server installed. ...
      (Debian-User)
    • Re: Using Access for web application?
      ... Any suggestions as to which newsgroup would be more ... The server that the web app will use in this case, ... > which technology you will decide to use as the Web server (Linux or Windows) ... Instead MySQL is being ...
      (microsoft.public.access.dataaccess.pages)
    • [UNIX] phpMyAdmin PHP Code Injection (left.php)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... phpMyAdmin is "web-based MySQL ... does not prevent a malicious user from altering the servers configuration ... server configurations to the list of servers configuration by adding ...
      (Securiteam)
    • Quantcast