Database is hacked over and over again; already cleaned the site for SQL injection

mysql hacking php

The attacker most likely doesn't need to know the password to execute the change - here's how I would address it:

Locate the query function wrapper for your CMS and update it to log to a file and/or send an e-mail whenever a regexp on the query string matches your spam string - include any and all relevant server and CMS variables which may help identify the source of the issue.

Note that you can call debug_backtrace() on PHP 4.3+ to isolate include files if this could be the work of a malicious plug-in.


Probably a leftover injection attack - can you set up a DB trigger to let you know when the record changes again? Then correlated that with your webserver logs - should lead to the culprit immediately.

Also ensure you are logging as much as you can get away with (referrers, etc)

Related

Confused about Intel vPro/AMT technlogies
Improving MySql replication speed
Login failed for "IIS AppPool\ASP.NET v4.0" - SQL Server Web
How to set up a IRC server that logs all messages?
Best cat6 patch panels? Is price really a factor?
What is the function in Windows similar to Inode in Linux?
SSH reverse DNS lookup
Forwarding RDP via a Linux machine using iptables: Not working
How to force background colour with GPO centred wallpaper?
zpool import on a 50TB volume is taking forever: What is it doing?
What is the difference between apachectl and httpd.worker?
Cannot connect to a VPN server - authentication failed with error code 691