Thread: Databases

Hello,

I was wondering how databased can be hacked? Do different hosting companies provide better security?
When I say this, I mean how can one get the password to the vps.

Thanks.

Cracking... Which is an art of itself.

shitty php websites is 98% of it, mainly php forums vbulletin and ipb being the big culprits in rsps. the other 2% is usually stupidity or social engineering.

run forums on a separate server, without any access to anything else, lock admin panel to ip and make sure you restrict all the crappy php functions via disable_functions, change any password cipher to bcrypt, script or argon2.

Originally Posted by Stuart

shitty php websites is 99% of it, mainly php forums vbulletin and ipb being the big culprits in rsps. the other 1% is usually stupidity

Alright, but that is webhost. I'm talking about VPS

Originally Posted by Lowkey Skiller

Alright, but that is webhost. I'm talking about VPS

bruteforcing ssh which allows plaintext authentication, bruteforcing rdp with multiple proxies and again stupidity / social engineering. seen hosting companies reset root password from people who have got info from whois and said they lost the password, really that basic.

always lock down any way of controlling the server itself, if you have a static ip using ip restriction or a subnet of your ip if its dynamic, 2step auth anything which makes it so only YOU even if someone else got your password can get on the server.

(a vps can also be a webhost btw)

Originally Posted by Stuart

bruteforcing ssh which allows plaintext authentication, bruteforcing rdp with multiple proxies and again stupidity / social engineering.

(a vps can also be a webhost btw)

So a simple solution to this would be to not buy a very cheap VPS? Buy one from a decent company?

Originally Posted by Lowkey Skiller

So a simple solution to this would be to not buy a very cheap VPS? Buy one from a decent company?

Yes, use someone with history and seen all the tricks before. Do not allow wildcard access to database software too.

Originally Posted by Stuart

Yes, use someone with history and seen all the tricks before. Do not allow wildcard access to database software too.

You know any good VPS hosting companies that I should use?

Originally Posted by Lowkey Skiller

You know any good VPS hosting companies that I should use?

You're welcome to look into our VPS plans here, which are secure enough to run a properly configured MySQL server: [Only registered and activated users can see links. ]

Been running for over 5 years and no complaints over any MySQL exposures as of yet - and I'm sure it'll stay that way

Originally Posted by Terrum

You're welcome to look into our VPS plans here, which are secure enough to run a properly configured MySQL server: [Only registered and activated users can see links. ]

Been running for over 5 years and no complaints over any MySQL exposures as of yet - and I'm sure it'll stay that way

So I want to get something straight. If my webhost and vpshost are two different companies... The hacker can't get my rsps database that is on my vps, right? Unless he tries to get the forum database, and hopes that the passwords match. Am I correct?