Shared servers

There is a problem having your website hosted on a shared server, which is that you really need to trust your webhost. So I was rather shocked today when installing phpMyAdmin that without configuring the config.inc.php file I was able to login to the mySQL database.
Not only that but I could see the names of every table on my server. Now this has happened before, but any attempts to view these tables resulted in errors, but this time I was able to view any table, read all the content and even edit a random persons blog post (don’t worry, I undid the changes).
Of any security issue this was a big one, I could have gained access to a large number of wordpress blogs, and if I looked I’m sure I could have found a forum with usernames, emails and md5 hashes of passwords.
However I’m not out for “hacking”, so I contacted my webhost and shortly after as password was added to the mysql root.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Human test: Enter Ryan backwards