The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Security Alert!

Discussion in 'Security' started by sexy_guy, Apr 6, 2003.

  1. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Howcome everyone can see everyones databases when they load phpMyAdmin from their control panel?

    Something is not right, the permissions are screwed up with the MySQL 4.x upgrade!!
     
  2. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Yeah, does anyone know how to fix this ? :(
     
  3. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    They should have a /scripts/fixmysql/ but i dont see anything. This is crazy!
     
  4. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    mmm...anyone submitted a ticket to cpanel yet????
     
  5. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Well where is Cpanel located? I though they were in the USA and if im correct they are only 3hrs ahead of me and i am in California, which would make it 3:30am in the morning there. Howcome the forum says 10:30am GMT? It cant be 10:30am in the morning where they are. They are locate in the USA!, so a TT will not help us right now if my calculations on their time zone is correct.
     
    #5 sexy_guy, Apr 6, 2003
    Last edited: Apr 6, 2003
  6. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    anyhting we can do? was this an edge release?

    can we update again on a release version and will that downgrade mysql?
     
  7. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Thats a thought but i dont know this is really problematic. I dont want my users seeing all our other users db's. What version would you downgrade to? R? Probably you could try the R release if you wanted to but would this be wise? I cant answer this question all i can say this is a pittyful mistake.
     
  8. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    And the worst part of the whole thing is that somebody could select your db then select DROP!

    Terrible!
     
  9. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Thats a thought but i dont know this is really problematic. I dont want my users seeing all our other users db's. What version would you downgrade to? R? Probably you could try the R release if you wanted to but would this be wise? I cant answer this question all i can say this is a pittyful mistake.
     
  10. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    is there a way that myphpadmin access can be stopped in the short term.
     
  11. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    I doubt that will work.

    It doesn't matter which cpanel version you are running, since mysql upgraded because of /scripts/upcp.

    I think the only thing you can do is delete mysql 4 (rpm -e )
    and install mysql 3 again.
    But since I've never done this I can't tell you how to do this exactly.

    What I will do is just wait until it is fixed.
     
  12. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    yup, but in the time it takes to fix, is it not possible that a user could delete others databases?
     
  13. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    I said they were 3hrs ahead of me, which makes it enough time for anyone to delete anything. We dont all live in the same time zone!
     
  14. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Well it says its 11:25am GMT so if that is true then this problem should be fixed but i doubt that is the case at all. Its 3:32am here so it would be 6:32am there and they are busy taking showers and powering their puffs and drinking coffee and having cigarettes. And being Sunday are they even working? I doubt they are unless but some miracle someone decides to read a TT. So dont expect fixes for quite a few more hours, if at all, because i think it wont be at least 2 or more hours before they even get any TT's and thats if they decided to read the important ones first!
     
    #14 sexy_guy, Apr 6, 2003
    Last edited: Apr 6, 2003
  15. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    i think you will find that you have the forums set in british time.
     
  16. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    They are in England? Does anyone know? I though they were in the USA then i was misinformed. Wherever they are i hope they get this fixed, and soon!
     
  17. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    No they are not in England, the time is set on GMT, which is what you would normally set it on when you have visitors worldwide.

    I believe there is only 1 'office' open on Sundays, it was mentioned some time ago on this forum.
     
  18. purplepaws

    purplepaws Well-Known Member

    Joined:
    Jan 15, 2002
    Messages:
    153
    Likes Received:
    0
    Trophy Points:
    16
    bit of a strange time to put out quite a major update, when there is no one available to look after any problems.
     
  19. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
     
  20. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Then i was right the DE office is 3hrs ahead of me if that much and its Sunday at 6 or 7am. Good luck on a fix!
     
Loading...

Share This Page