Have I been hacked?

  • My MySQL server usually gets about 50 queries an hour. However, I just noticed that for the last week, it’s been getting several hundred million queries an hour. Unless I’ve been on the front page of Digg, Reddit, and Slashdot at the same time (I wasn’t), I think something fishy is going on. Any help?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Have you checked to see where the queries are coming from, or can you see what the queries themselves are?

    If its coming from the same sources (see you logs), it looks like a DoS attempt.

    Thread Starter xela321

    (@xela321)

    @kmaxwell: I don’t know how to tell where they’re coming from. This is a LAMP set-up so the MySQL server is on the same machine. I don’t have any accounts enabled to talk to outside hosts, just localhost connections. The only queries that look out of place (at first glance) are a lot of blobs being inserted in to wp_secureimage. This information comes from the binary logs.

    @pozhonks: Do you know if there’s a way to tell what username is performing the queries?

    Also, the Apache logs (as interpreted by webalizer) don’t show hundreds of millions of hits to correspond with these queries.

    Who installed the “wp_secureimage” in your database. It is not part of the standard WP installation. What plugins have done that? And what for?
    If it is for some sort of Captcha, I believe the hacker tried to break the captcha protection, and he was maybe successful. Some people says that captcha are useless because hackers know how to get around this protection quite easily.
    So first, change quickly your database password (I hope you’ve already done that).

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Have I been hacked?’ is closed to new replies.

Tags