MySQL Databases Hacked???

**rome9t9** · 17 December, 2010, 03:45 AM

Ok, first off, I don't know anything about databases and site management. I was in my cpanel and wanted to remove few databases that didnt get deleted while uninstalling wordpress.

I looked in to the "Remote Database Access Hosts" and found two Access Hosts. I have never given access to anyone to my databases. I have attached the screenshot below.

Though I've removed both of them I want to know is there anything I should be worried about??? I rarely log into my cpanel and there's nothing much I do there. However, I do remember, few months back, asking my host to move me to another server as the one I was using was slow.

Also, few days ago my host moved all the sites from their server to cloud computing or something like that. Thats all I know that happened since the time I started hosting with them. Does moving sites involve creation of Access Hosts?

I opened a support ticket with my host and they couldn't figure out how the Access Hosts came and asked me to delete them.

I host 5 sites with them and havent seen anything fishy in any of them. But I don't know how to check the databases for any tampering.

**eXe** · 17 December, 2010, 11:53 AM

192.168.1.* is usually the router or switch's IP and I'm guessing rahul is your username?

**SonnyCooL** · 17 December, 2010, 12:30 PM

yah u have no worry on 192.168.1.* ip, like what exe said, should be ur own connection

**rome9t9** · 17 December, 2010, 13:35 PM

No.. Rahul is not my username or name.. This was the first time I ever checked my Access Hosts.

Can I find any history logs of what changes 'rahul' did???

**SonnyCooL** · 17 December, 2010, 15:13 PM

ask ur host provider ... they should have clearer picture

**eXe** · 17 December, 2010, 15:25 PM

Who/how was the DB set up? If it was moved there is a chance that whoever did the moving created a new dbuser called rahul. Look in your wordpress config file, what's the user/pass used to connect to the db?

You should really take this over to the cpanel forums for a detailed examination. Or PM me details I'll look at it for free.

I doubt that you've been hacked but I'm interested nevertheless, there is of course the possibility. Do update...

As for logs you can get them thru cpanel>> logs>> raw. But I doubt you would find anything useful there if you have indeed been hacked without being specifically targeted.

Edit: While on the subject, check out http://www.zenssh.com/

**rome9t9** · 18 December, 2010, 14:28 PM

I asked my host..they said it might have been created when my host moved me to another server and forgot to delete the access host..it was many months back so the recent logs dont show any data... I asked in the cpanel forum and people there said the same..