MySQL table suddenly disappeared and a func table was created

Hi, everyone. I am not sure if i am writing in the correct group. But
somehow it relates to MySQL, i hope someone can help me.

I am working on a web site which is developed by PHP and MySQL, hosted
by a hosting company. Last week, all tables in MySQL suddenly
disappeared and a "func" table is created there. I never create that
table in my database.

I asked the Hosting company what happened. The staff claimed that
most probably my computer was hacked and someone use the admin
password to delete all the tables. Or another possiblity is someone
use SQL injection to grab the database control through the web site.

So i follow their instruction to check my web log to see if any
suspected access and also i checked my program if there is hole for
SQL injection. But seems that is not the reason. Then i checked if
my computer is hacked. No signal that my computer was hacked.

Now they helped me to restore the database. But since the reason is
still unknown. It may happen again. I am wondering if anyone had
same problem before. I am appreciate if any feedback on this issue.
I really want to know the reason for the problem and try to prevent
it.

My local environment:
MacBook with Mac OS X 10.4.9
Using Aqua Data Studio to connect remote MySQL

Thanks for advanced.

Priscilla

Re: MySQL table suddenly disappeared and a func table was created

>I am working on a web site which is developed by PHP and MySQL, hosted
>by a hosting company. Last week, all tables in MySQL suddenly
>disappeared and a "func" table is created there. I never create that
>table in my database.

"func" is a table that appears in the "mysql" database to support
user-defined functions. Or it could be something entirely unrelated
except for the name.

>I asked the Hosting company what happened. The staff claimed that
>most probably my computer was hacked and someone use the admin
>password to delete all the tables. Or another possiblity is someone
>use SQL injection to grab the database control through the web site.

Possible. You do have backups, don't you? Of the site, the database,
*AND* the hosting company.

>So i follow their instruction to check my web log to see if any
>suspected access and also i checked my program if there is hole for
>SQL injection. But seems that is not the reason. Then i checked if
>my computer is hacked. No signal that my computer was hacked.
>
>Now they helped me to restore the database. But since the reason is
>still unknown. It may happen again. I am wondering if anyone had
>same problem before. I am appreciate if any feedback on this issue.
>I really want to know the reason for the problem and try to prevent
>it.

There are a number of unlikely WHOOPS!! happenings that could happen.
A sector going bad or getting scribbled on during a power failure
(or employee tripping over power cord, or resetting the wrong
machine) could account for it.

Do you know what OS the MySQL server machine is running?

Re: MySQL table suddenly disappeared and a func table was created

That's kinda curious that you web host's first suggestion would be they
were cracked. I would think they would not want to spread that.

Anyway, it was a good idea to check the logs, but my first thinking would
be hard\software glitch. Crackers tend to leave evidence. They want you
to know they did something.

I am by no means a MySQL or PHP guru but since I tend to do stupid things
to my files,like deleting the wrong one, I would check to see if there is
a way you code could have overwritten the tables. Could it be that someone
else's code\site on your web host hit you pages?

You also might find out what other kinds of things were done,
backup\restore of data or a hardware replacement even if it was not the
server your site is on. It could be related some how.

Sorry I could not give the magic bullet to fix you issue.

With that said check out this link. It mentions something about a
vulnorability
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/008 3.html

Bill

On Sun, 01 Apr 2007 22:04:52 -0700, wongwaichi wrote:

> Hi, everyone. I am not sure if i am writing in the correct group. But
> somehow it relates to MySQL, i hope someone can help me.
>
> I am working on a web site which is developed by PHP and MySQL, hosted by
> a hosting company. Last week, all tables in MySQL suddenly disappeared
> and a "func" table is created there. I never create that table in my
> database.
>
> I asked the Hosting company what happened. The staff claimed that most
> probably my computer was hacked and someone use the admin password to
> delete all the tables. Or another possiblity is someone use SQL injection
> to grab the database control through the web site.
>
> So i follow their instruction to check my web log to see if any suspected
> access and also i checked my program if there is hole for SQL injection.
> But seems that is not the reason. Then i checked if my computer is
> hacked. No signal that my computer was hacked.
>
> Now they helped me to restore the database. But since the reason is still
> unknown. It may happen again. I am wondering if anyone had same problem
> before. I am appreciate if any feedback on this issue. I really want to
> know the reason for the problem and try to prevent it.
>
> My local environment:
> MacBook with Mac OS X 10.4.9
> Using Aqua Data Studio to connect remote MySQL
>
> Thanks for advanced.
>
> Priscilla

Re: MySQL table suddenly disappeared and a func table was created

Gordon, thanks for your comment. I don't know what OS the MySQL
server machine is running.. But my web plan is using window server.
Maybe the MySQL server is also on Window platform.

Priscilla

On 4月4日, 午前8:25, gordonb.1v...@burditt.org (Gordon Burditt) wrote:
> >I am working on a web site which is developed by PHP and MySQL, hosted
> >by a hosting company. Last week, all tables in MySQL suddenly
> >disappeared and a "func" table is created there. I never create that
> >table in my database.
>
> "func" is a table that appears in the "mysql" database to support
> user-defined functions. Or it could be something entirely unrelated
> except for the name.
>
> >I asked the Hosting company what happened. The staff claimed that
> >most probably my computer was hacked and someone use the admin
> >password to delete all the tables. Or another possiblity is someone
> >use SQL injection to grab the database control through the web site.
>
> Possible. You do have backups, don't you? Of the site, the database,
> *AND* the hosting company.
>
> >So i follow their instruction to check my web log to see if any
> >suspected access and also i checked my program if there is hole for
> >SQL injection. But seems that is not the reason. Then i checked if
> >my computer is hacked. No signal that my computer was hacked.
>
> >Now they helped me to restore the database. But since the reason is
> >still unknown. It may happen again. I am wondering if anyone had
> >same problem before. I am appreciate if any feedback on this issue.
> >I really want to know the reason for the problem and try to prevent
> >it.
>
> There are a number of unlikely WHOOPS!! happenings that could happen.
> A sector going bad or getting scribbled on during a power failure
> (or employee tripping over power cord, or resetting the wrong
> machine) could account for it.
>
> Do you know what OS the MySQL server machine is running?