Malware in database

I got a report these days about a site being flagged as forgery by Google Safe Browsing. Usually these situations are easy to handle, since most of the time there is a flaw in a PHP script that allows attackers to upload/modify different .php/.js/.css files. Doing a find or restoring the files fixes the problem.

This time I did not find any modified files, but the sites were still being reported as containing malware. Then I checked the database, and it seems there were some iframe entries redirecting to some malware sites. Truncating and reimporting the affected tables solved the issue.

The question remains: is there any malware scanner for databases? What if, instead of an iframe, some hardcoded strings are set? Most likely I would have missed those.
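One way to approach the question above is to scan a dump of the database instead of the files. The following is an added example, not part of the original post: a small Python scanner over mysqldump-style INSERT lines that reports remote iframe/script tags whose host is not on an allowlist, plus strings typical of hidden or encoded code. The rule names, the allowed_hosts parameter and the sample rows are constructed for illustration, and the rules are heuristics, not a complete signature set.

```python
import re

# A tag that loads remote content: group 1 = tag name, group 2 = host in its src URL.
# The optional backslash covers quotes that a dump escapes as \' or \".
REMOTE_TAG = re.compile(
    r"""<(iframe|script)\b[^>]*?\bsrc\s*=\s*\\?["']?(?:https?:)?//([^/\\"'\s>]+)""",
    re.I)
# Strings typical of injected code that hides or decodes itself (not exhaustive).
OBFUSCATION = {
    "js-decode": re.compile(r"\b(?:eval|unescape|atob)\s*\(|String\.fromCharCode", re.I),
    "php-decode": re.compile(r"\b(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-style": re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    "encoded-blob": re.compile(r"[A-Za-z0-9+/]{120,}={0,2}|(?:%[0-9A-Fa-f]{2}){30,}"),
}
INSERT = re.compile(r"INSERT INTO `?(\w+)`?", re.I)

def scan_dump(lines, allowed_hosts=frozenset()):
    """Return (line_no, table, rule, evidence) tuples for suspicious INSERT lines."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = INSERT.match(line)
        if not m:  # only row data is inspected, not comments or DDL
            continue
        table = m.group(1)
        for tag in REMOTE_TAG.finditer(line):
            host = tag.group(2).lower()
            if host not in allowed_hosts:  # skip embeds the site owner expects
                findings.append((no, table, "remote-" + tag.group(1).lower(), host))
        for rule, rx in OBFUSCATION.items():
            hit = rx.search(line)
            if hit:
                findings.append((no, table, rule, hit.group(0)[:40]))
    return findings

# Constructed sample rows, shaped like mysqldump output with one row per INSERT.
SAMPLE = [
    "INSERT INTO `posts` VALUES (1,'Hello','<p>Welcome to the site</p>');",
    "INSERT INTO `posts` VALUES (2,'Video','<iframe src=\\'https://www.youtube.com/embed/x\\'></iframe>');",
    "INSERT INTO `posts` VALUES (3,'News','<p>text</p><iframe src=\\'http://malware.example/in.php\\' width=1 height=1></iframe>');",
    "INSERT INTO `options` VALUES (7,'footer','<script>eval(unescape(\\'%75%6e\\'))</script>');",
]

if __name__ == "__main__":
    for finding in scan_dump(SAMPLE, allowed_hosts={"www.youtube.com"}):
        print(finding)
```

Dumping with mysqldump --skip-extended-insert writes one row per INSERT line, so each finding points at a single row and its table.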

Repair a MySQL database

When we need to repair a MySQL database, we can stop the service first. If you are using the MyISAM engine, I recommend using myisamchk. A basic repair command could look like this:

myisamchk -r -q -p -v --sort_buffer_size=2000M /var/lib/mysql/database/table.MYI

The parameters used are the following:

* -r recovery mode
* -q quick recovery, the most common one. If this mode does not work you will have to do some research on your own.
* -p creates the keys to be repaired in parallel threads.
* -v verbose mode
* --sort_buffer_size= use this to indicate the size of the buffer used to sort the keys. If you do not specify this value, or the value you specify is too small, you will see something like this: myisamchk: error: myisam_sort_buffer_size is too small. To solve this, just increase the size of the buffer; if the error always appears, then you have an extremely big table.

Error : Database Error: Unable to connect to the database:The MySQL adapter “mysql” is not available.

Got this error:

Database Error: Unable to connect to the database:The MySQL adapter “mysql” is not available.

There are some reasons why this occurs:

* php-mysql is not installed
* PHP admin flags are set incorrectly
* wrong suPHP configuration; the handlers should be:

[handlers]
;Handler for php-scripts
x-httpd-php="php:/usr/bin/php"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Change MySQL password

Setting up the MySQL password is one of the essential tasks. The root user is the MySQL admin account. Please note that the Linux / UNIX root login account for your operating system and the MySQL root account are different. They are separate and have nothing to do with each other (indeed, some admins remove the root account and set up admin as the MySQL superuser).

Mysqladmin

If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up the root password for the first time, use the mysqladmin command at the shell prompt as follows:

$ mysqladmin -u root password NEWPASSWORD

However, if you want to change (or update) an existing root password, use the following command and type the old password at the prompt:

$ mysqladmin -u root -p password newpass

Enter password:

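To change a normal user's password you need to type the following (let us assume you would like to change the password for user), again entering the old password at the prompt:

$ mysqladmin -u user -p password newpass

The same change for root using long options, with the old password given on the command line:

$ mysqladmin --user=root --password='my_old_password' password 'my_new_password'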

Change using a MySQL SQL command

This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can directly update the password using the following method to update or change the password for user test:

1) Log in to the MySQL server; type the following command at the shell prompt:

$ mysql -u root -p

2) Use the mysql database (type the command at the mysql> prompt):

mysql> use mysql;

3) Change the password for user test:

mysql> update user set password=PASSWORD("NEWPASSWORD") where User='test';

4) Reload privileges:

mysql> flush privileges;
mysql> quit

Remove root pass

mysqladmin -u root -p password ''