My SQL Database was created for me back in late 1990's...and I have been updating each month since.
Periodically, through an online admin page, I update two of the tables in the database so that I have a daily news article and monthly article automatically post on site. These have recently been compromised by a hacker. My hosting company restored the database to a last back-up, but they hacked it again.
The hosting company tech emailed this explaination:
"The current problem with your website is caused by your database information is open to the public in your source files. If you would like to correct the issue you will have to change your database access to use better security in your coding. Your database information should be stored at the root level and not inside of the root. You can also use a DSN connectiong and just call the DSN and not the user, pass, IP and port of the database. "
He additionally added that one of the files being called by the database ( a file called [url removed, login to view]) contains the database name and password (which it does). There are (2) other files routinely called by the database that are in the same location. They don't do this work.
I am looking for a bandaid to fix this problem, nothing elaborate or overly involved. Moving the files to a different location and/or redirecting them.
16 freelancers are bidding on average $137 for this job
Hi, I have rich experience on websites against attacks and as security consultant for 1 year in a big company. I can do this within short time and fix the root security holes.
I am an experienced asp and asp.net developer with extensive SQL experience. I am also an MCSE certified engineer specializing in SQL. I am located in the UK.