Apache Friends Support Forum
It is currently 06. September 2010 01:57

View unanswered posts | View active topics


Board index » Apache Friends in English » XAMPP for Windows

All times are UTC + 1 hour




Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 
  Print view Previous topic | Next topic 
Author Message
MikesTooLz
 Post subject: I'm guessing I got hacked.
PostPosted: 21. June 2007 18:19 
Offline

Joined: 21. June 2007 18:09
Posts: 7
My server stoped a couple time so I checked to make sure everything was ok.

As far as the websites go, everything is working fine. They can access the Databases and everything like normal.

I try to log into phpmyadmin to get a better look at the databases and this message pops up.

Code:
#1045 - Access denied for user 'pma'@'localhost' (using password: YES)


I opened up the config.inc.php and found this.

Code:
$cfg['Servers'][$i]['controlpass']   = 'ShitFace';


Someone changed the password for pma to ShitFace. I don't remember what it was set to before and all passwords I've tried fail.

What should I do and how do I prevent them from doing it agian?


__________edit________
I also noticed
Code:
$cfg['Servers'][$i]['auth_type']     = 'config';

and changed it to cookie. This let me login to phpmyadmin.
Once I was loged in I looked at the pma user and it had a blank password so I changed that and set it in the config.inc.php

The pma account was also granted access to shut down the server. Im guessing this is why it would stop.
Top
 Profile  
 
Rhodesia
 Post subject:
PostPosted: 24. June 2007 23:07 
Offline
User avatar

Joined: 31. May 2006 05:02
Posts: 13
FIRST, tell me, did you change or rather set the MySQL root user's password in the xampp/security file?

To be safe, you can drop the root user all together (if you want to...)
FIRST login to phpmyadmin, click the priviledges link in the right window, click the root user and scroll down to the part that says;
Change Login Information / Copy User
Change the root username to a different name, then set a password using textfield, retype it to verify it is the same, then at the bottom of the right frame Create a new user with the same privileges and ... keep the old one.

Reload priviledges for the server.

Once your new user is created logout as the root user and then login to the server as the new user you just created, click priviledges and delete the root user account. (NOTE: you will need to change any connections to the database in your website scripts to reflect the new user and password since root no longer exists)

Now, onto your problem...
PMA user password is blank by default, you should leave it set as you have done to be safe. It is also allowed to shutdown the server, you can deny PMA that priviledge, but now you password protect that user you will be safe from future problems.

Leave the settings as you have now changed them, that is fine and no one will be able to get into your MySQL server again.
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 2 posts ] 

Board index » Apache Friends in English » XAMPP for Windows

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 10 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group