
A new database user for every database?

@Rivera981

Posted in: #Joomla

Hi, I have a number of sites on a server. They have been hacked. Now I am looking to update the passwords for the database users. There are quite a number of users, as for every website installation I create two users. This is a habit; I have been doing it like this since the early days of Joomla, when it was necessary. Apart from the hassle of updating the passwords for all of these users, it occurs to me that having so many users implies having so many attack vectors. Can I not just use the same user for all databases and change the password regularly? What would be the ramifications, if any, for the database structure?


1 Comment

@Radia820

Rule number 1... never ever share passwords

Sharing usernames and passwords is considered bad practice, whether it be for internet banking, social media or SQL databases: never use the same password, and preferably use a different username. Sharing one password means they only need to hack one password and the vault is open.

Investigate how they got in...

You should first investigate how they got into your server. It's much easier to exploit vulnerabilities than to brute-force a password, assuming your password does not contain a dictionary word and is not a short random password. You should be able to scan through access and error logs to identify the method used. It's pointless using secure passwords if your site is open to attack by other means.

Localhost SQL access only

Furthermore, unless your site uses an external cloud-based SQL service, it should be impossible for external hackers to brute-force their way into the SQL database, since SQL users should be set to "localhost" only. If they have access to your database then it's more likely they have done so through your content management system and not directly through the database itself.

Short passwords can be cracked easily

Using a short password could take a few days to crack, while a complex password with a good character length can take years. I recommend that you visit Stephen Ostermiller's website, Password Creator: not only will it help you create a complex password, it will estimate how long it would take someone to crack.

WordPress sites

If your site(s) use WordPress then I recommend that you check out my blog post, 10+ ways to stop WordPress Brute Force Attacks.

Summary...

Don't make it easy for hackers: use one complex password to log in to your content management system, a different complex password for the database, and another complex password for your hosting package. Everything should be complex and everything should be unique, not similar.

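As an added illustration of the answer above (example statements written for this page, not code from the original post or from Joomla), the following MySQL/MariaDB script contrasts the single shared account the question asks about with the per-site, localhost-only, least-privilege accounts the answer recommends, and ends with the audit queries a defender would run after cleaning up a compromised server. Database names, user names and the `REPLACE_WITH_...` passwords are placeholders; the privilege list is the usual set a Joomla installation needs on its own database.

```sql
-- Added example, not from the original post or from Joomla: MySQL/MariaDB
-- statements contrasting the shared-account pattern the question asks about
-- with one least-privilege, localhost-only account per site.
-- Database names, user names and passwords are placeholders.

-- WEAK PATTERN (shown commented out, do not run): one account, reachable
-- from any host, with rights on every database. One leaked credential
-- exposes every site on the server.
-- CREATE USER 'shared_user'@'%' IDENTIFIED BY 'CHANGE_ME';
-- GRANT ALL PRIVILEGES ON *.* TO 'shared_user'@'%';

-- CORRECTED PATTERN: one account per site, bound to localhost (web server
-- and MySQL on the same machine), with only the privileges a Joomla
-- installation needs and only on that site's own database.
CREATE DATABASE IF NOT EXISTS site1_db CHARACTER SET utf8mb4;
CREATE USER IF NOT EXISTS 'site1_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_1';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
      CREATE TEMPORARY TABLES, LOCK TABLES
    ON site1_db.* TO 'site1_user'@'localhost';

CREATE DATABASE IF NOT EXISTS site2_db CHARACTER SET utf8mb4;
CREATE USER IF NOT EXISTS 'site2_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD_2';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER,
      CREATE TEMPORARY TABLES, LOCK TABLES
    ON site2_db.* TO 'site2_user'@'localhost';

-- ROTATION after a compromise: change each site's password in place.
-- ALTER USER needs MySQL 5.7.6+ / MariaDB 10.2+; on older servers use
--   SET PASSWORD FOR 'site1_user'@'localhost' = PASSWORD('...');
ALTER USER 'site1_user'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_NEW_RANDOM_PASSWORD_1';

-- AUDIT CHECKS after cleanup:
-- 1. Any account still reachable from outside the local machine?
SELECT user, host FROM mysql.user
 WHERE host NOT IN ('localhost', '127.0.0.1', '::1');

-- 2. Any non-system account holding global (*.*) privileges?
SELECT user, host FROM mysql.user
 WHERE Select_priv = 'Y'
   AND user NOT IN ('root', 'mysql.sys', 'mysql.session', 'mysql.infoschema');

-- 3. Confirm a site account sees only its own database.
SHOW GRANTS FOR 'site1_user'@'localhost';

-- 4. Remove the shared, any-host account if one exists.
DROP USER IF EXISTS 'shared_user'@'%';
```

Each site's new password then goes into that site's `configuration.php`, and nowhere else. With this layout a credential stolen from one site's configuration file unlocks only that site's database, and because every account is bound to localhost the password can only be used by something already running on the server, which is why the answer says to look for the web-application entry point in the access and error logs rather than assuming the database was brute-forced directly.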
