Home   |   Register   |   Rules   |   Calendar   |   Get Daily   |     |  
 


If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
Go Back  dBforums > Database Server Software > MySQL > Help tracking hacker from MySQL General Log

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 08-14-09, 17:07
veronicab veronicab is offline
Registered User
  
Join Date: Dec 2002
Posts: 12
Help tracking hacker from MySQL General Log
I have some hacker connecting to a database. I am trying to find out how he does this. In the mysql general log, I have detected that when I connect normally from the php pages, the log saves this:

111111 Connect user@localhost on
111111 Init DB dbname

But when this hacker connects, it opens his own connection and saves like this:

222222 Connect user@localhost on dbname

All in one step, not Init DB.

Does this give any hint as to the method he is using to connect? I have been searching and I don't find information about this. Any help will be greatly appreciated.

After he connects, he does show databases, show tables, field list, which seem automatic. Then commands space out, as if a human were typing them.

Thanks for any help.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


 
 
 
Home  |   Register  |   Get New  |   FAQ's  |   Sitemap

Powered by vBulletin
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.