[DiscordArchive] Looking into it more, this specific hack is not due to malware or any modules, it is commonly a bot
Archived author: Mithria • Posted: 2025-04-06T04:53:03.908000+00:00
Looking into it more, this specific hack is not due to malware or any modules, it is commonly a bot attack performed by scanning the web for exposed MySQL databases and then attempting to log into them with common & default root passwords. This might go without saying, but paying the bitcoin wouldn't even get your data back as the rambler bot only selects a limit of 10-20 rows from each table. Did you ever set the root password for your database? Or did you leave it as the default? How did you allow remote connections? Did you use strong passwords?
Archived author: Zatch • Posted: 2025-04-06T08:40:20.823000+00:00
We went into a deep dive of all possible attack vectors. And then realized we're absolute idiots. We left quite a few ports open during our initial testing because we couldn't get the DBs to communicate with each other on the first run (forgot to save a config). And we didn't think twice leaving all passwords etc. on standard because, Jesus..., it's a hobby project for 2 people to play on a closed environment server with bots.
I wasn't aware of how common bot attacks are. Now I am. I'm setting the new server up with safety as if it's an actual product with all necessary adjustments.
You guys can feel free to delete my OP if you feel it might be misrepresenting the integrity of your project. You did nothing wrong.
Archived author: Zatch • Posted: 2025-04-06T08:42:13.041000+00:00
And yeah, never even considered paying anything, there's absolutely zero data on that DB that anyone would care about. Even the account names/passwords are just random stuff we made up on the fly for easy access
Archived author: Zatch • Posted: 2025-04-06T08:43:50.627000+00:00
But it's such a nuisance these things exist man... Can't even have some fun without considering a script ruining it, now I have to build a wall around my hobby projects. Oh boy
Archived author: Mithria • Posted: 2025-04-06T08:48:59.089000+00:00
Yeah, I used to host servers for friends with open ports no issue, but MySQL databases are targets for attacks because they *could* contain valuable data, so opening the port your DB uses requires some protections in place.
Do you use Docker by any chance?
Archived author: Zatch • Posted: 2025-04-06T08:49:13.506000+00:00
Yes, Docker
Archived author: Mithria • Posted: 2025-04-06T08:49:32.502000+00:00
Docker ignores firewall rules and can freely open ports on its own by default
Archived author: Mithria • Posted: 2025-04-06T08:49:43.571000+00:00
so you should read up on that
Archived author: Zatch • Posted: 2025-04-06T08:49:50.886000+00:00
:harold:
Archived author: Zatch • Posted: 2025-04-06T08:50:16.993000+00:00
Life can never be easy, can it