Hacking

[svankamon]

Hi, i recently wrote a post stating id been hacked. I have since made the following changes to my system in an attempt to avoid this happening again.

Disbled NetBIOS
Blocked TCP/IP Ping in firewall
Updated/checked all/most scripts
Removed an account called ASP.Net (this was in my accounts for my system. I didnt create it so if microsoft didnt or another romote assistance control then i guess it was an hacker?)

Also reinstalled Antivirus/spyware program which was installed incorrectly as well as removing ftp.mydomain for all except the domain i wish to accept ftp logins on.

Ive other things to do including updating mysql to version 5.
About mysql upgrade can i just upgrade and it will save my new databases settings ewtc.?

Any comments on the above would be apreciated.

Cheers and all the best.

[olly86]

It is always advisable to backup your data before performing an upgrade to MySQL, because of the small chance it falls. However, normally the upgrade should b occur smoothly with all your data remaining available to the upgrade.

Blocking TCP/IP Pings in the firewall will have no effect on your security, the ping protocol is simply used as a quick test to see if the remote host exists. They cannot use this port to compromise your security, assuming any security issues are fully patched.

The ASP.Net account is created by Windows during an install of the .NET software packages (version 1, 2, or 3). I don't know why this account is required, but it is probably safe to delete.
_________________
Olly

[svankamon]

Hi, thanks for your responce, much apreciated.

Glad to know the .net account can be deleted cos i did that already, i tend to panic when i see something i didnt create or accept?

Anyways, do you know anything about the ICMP Ping. Aparantly hackers use this protocal. In my firewall ALLOWED are:

ICMP outbound is allowed
ICMPv4 inbound NOT allowed
ICMPv6 inbound NOT allowed

Also does IP Security Protocal (IPsec) need allowing through the firewall.

Im about to backup and install v5 mySQL, il probablty have to install to v4 location with v4 location path so as any scripts i have running will still find the path.

Thanks

[olly86]

I don't know much about the Internet Control Message Protocol (ICMP).

I'm in the same boat, I don't like things working their way in without permission; which is why I don't use any Microsoft software accept Windows XP.

IPsec is a security encapsulation protocol mostly used to establish VPNs (Virtual Private Networks), so if you don't use this service you can block it. If you do need to use it in the fut rue you can unblock it. As a general rule you can block what you want, and if it causes you connection problems, simply unblock the service.

Scripts that access MySQL do not rely on access the database at its installed location, they connect to it through a network connection (either local or across an actual network). But to access your old data you will probably need to install it in to the same location as version 4.

PS: can you tell I'm in easay writing mode? lol
_________________
Olly

[svankamon]

Hi, i installed v5 into same location (after backing up of course) but none of my sites run correctly, they cant access the databse.

Im told to run an upgrade oon my tables but cant figure that out. they say at mysql.com to use command

shell>mysql upgrade [options]

tried that i command line and command not recognized, i dont know anything of this shell. I rekon its a program but i dont have it.? I dont think anyway.?

MAy have to go back to version 4.? Any sugestions. Thanks again.

[olly86]

What's the error your getting from your scripts?

Have you checked to ensue the database user accounts still exist?
_________________
Olly