Why can rows be deleted from a database table once a month? How to find a hole?
Greetings!
I have a self-written project in mysql and php.
Once a month, approximately on the same day (+- 1-2 days), some rows are deleted in one of the important tables in the database.
I noticed that these are rows from the beginning of the table. Always the same: from 1 to 3397.
I checked the CRON - I did not find anything suspicious.
Tell me where to dig? How do I find the "hole"?
I have no experience in this matter, thanks!
You can check the code and analyze all queries that start with DELETE and figure out under what conditions in the given code they can be executed to match the problem that is being shown.
Rows cannot be deleted by themselves, so something is definitely deleting them. And if so, then the problem must be somewhere on the surface.
Imho, you can enable query logging and you will immediately see who and what query deleted what data -
The question is clearly designed for telepaths...
Check the cron of other users of the system, look at the Apache logs, pick apart the logic of the system.
In my opinion, the order should be:
1. First you need to know the access rights of all users to MySQL
2. To be sure, you should change the user's password (I hope not root is used)
A DB user who tries to connect again in an unauthorized way will get a bummer.
3. Restricting user access to MySQL
Ideally, the user with whom the program connects to the database should have only the privileges necessary for correct operation. You can restrict it both by the network address of the host, by specifying a static IP address, and not the "%" mask. You can also restrict user access to MySQL starting from a private database (database / schema) to the level of individual tables and even columns.
2.12.4 Securing the Initial MySQL Accounts
4. As already advised earlier, you need to find all DELETE requests in the program.
In addition, pay attention to the history of commands in mysql_history
5. It would be nice to consult with experts in this database.
The first thing is to analyze the logs. Perhaps you will see requests through which some attackers are trying to hack you, with data deletion as the result. The query logging suggested above was also good advice.
Since the project is self-written, it must be checked for vulnerabilities. At a minimum, with a code scanner like AI-Bolit, and for holes from the outside, with the help of online tools like detectify.com, metascan.ru.
Restrict, of course, the rights to delete. And change access just in case; what if someone periodically comes to you and deletes data? ;)
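
The query-logging advice in the answers above, as an added example that is not part of the original thread: a Python sketch that scans a MySQL general query log for statements that remove rows from one table and attributes each to the account that opened the connection. The table names, accounts and log lines are constructed, and the log layout (timestamp, tab, connection id and command, tab, argument) is an assumption about the general log file format.

```python
import re

# Constructed sample in the assumed layout of a MySQL general query log file
# ("timestamp<TAB>id command<TAB>argument"); this is not data from the thread.
SAMPLE_LOG = """\
2024-03-01T02:14:59.100000Z\t   41 Connect\tapp@10.0.0.5 on shop using TCP/IP
2024-03-01T02:15:00.200000Z\t   41 Query\tSELECT * FROM orders WHERE id = 7
2024-03-01T02:15:01.300000Z\t   42 Connect\treport@localhost on shop using Socket
2024-03-01T02:15:02.400000Z\t   42 Query\tDELETE FROM orders
WHERE id BETWEEN 1 AND 3397
2024-03-01T02:15:03.500000Z\t   41 Query\tdelete from order_items where id = 9
2024-03-01T02:15:04.600000Z\t   42 Quit\t
"""

ENTRY = re.compile(r"^(\S+Z)\t\s*(\d+) (\w[\w ]*?)\t(.*)$")

def find_row_removals(log_text, table):
    """Return (time, account, statement) for each DELETE/TRUNCATE/DROP on `table`."""
    # [^()]*? allows DELETE modifiers and multi-table syntax before FROM,
    # but does not reach into a subquery in parentheses.
    target = re.compile(
        r"^\s*(?:DELETE\b[^()]*?\bFROM|TRUNCATE(?:\s+TABLE)?"
        r"|DROP\s+TABLE(?:\s+IF\s+EXISTS)?)"
        r"\s+`?(?:\w+`?\.`?)?" + re.escape(table) + r"`?(?![\w`.])",
        re.IGNORECASE)
    entries = []   # [time, connection id, command, argument]
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append(list(m.groups()))
        elif entries:
            # No timestamp prefix: continuation of a multi-line statement.
            entries[-1][3] += "\n" + line
    accounts = {}  # connection id -> user@host from its Connect entry
    hits = []
    for time, conn, command, arg in entries:
        if command == "Connect":
            accounts[conn] = arg.split(" on ", 1)[0]
        elif command == "Query" and target.match(arg):
            who = accounts.get(conn, "unknown (connected before log start)")
            hits.append((time, who, " ".join(arg.split())))
    return hits

if __name__ == "__main__":
    for hit in find_row_removals(SAMPLE_LOG, "orders"):
        print(*hit, sep=" | ")
```
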