The secure CMS.

Welcome to Geeklog, Anonymous Sunday, December 22 2024 @ 06:41 am EST

Geeklog Forums

Is geeklog vulnerable to THIS?

 New Topic  Post Reply
 01/28/05 11:44am (Read 1,322 times)  

drali

Anonymous
this article

"A worm has been detected that targets open source MySQL databases. It can compromise data and be used to launch a denial of service attack.

The MySQL bot exploits weak MySQL installations on Windows-based platforms. The SANS Institute's Internet Storm Centre said thousands of MySQL databases have been infected so far.

SANS said the MySQL bot takes advantage of weak passwords and the database's support for remote configuration.

The bot uses the known "MySQL UDF Dynamic Library Exploit". In order to launch itself, the bot first has to authenticate to MySQL as the "root" user. A long list of passwords is included with the bot, and it will try a brute force technique to get the password.

"
 Quote
 01/28/05 01:31pm  
Status: offline

ScurvyDawg

Forum User
Full Member
Registered: 11/06/02
Posts: 523
But it is not GeekLog it is MySQL that may be setup to allow these attacks to happen and only on Microsoft systems.

You may want to get the details at the MySQL site. They could better fill you in on what you will need to do to protect yourself.
 Quote
 01/28/05 02:08pm  
Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
As ScurvyDawg said, it's entirely a MySQL problem (actually, a setup problem). There's nothing Geeklog could do.

bye, Dirk
 Quote
 New Topic  Post Reply
All times are EST. The time is now 06:41 am.
  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content