08-10-2017, 07:34 AM #1
Services to avoid MySQL injection attacks?
From what I know, aside from DDoS, the most common kind of website attacks are due to the execution of custom MySQL injected code. All areas where you can input data and are directly connected to a website's database are potentially exploitable through such code... unless they're properly secured, at least.
Unless you have a deep knowledge of MySQL, it's hard, if not impossible, to think of all the possible security flaws your website might have, so it's best to refer to experts and professional solutions.
Are there any services that can help make your website more secure against MySQL code injection attacks?
08-11-2017, 01:16 PM #2
Here are some tips for you -
1. Use HTTPS instead of HTTP - Always use the encrypted connection. So you must have an SSL certificate installed on your service.
2. Use GreenSQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not present then it will detect it as a suspicious entry and will not provide the answer.
3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.
4. Never connect using superuser - It's always recommended to connect to the database using the superuser, always use the user with privileged access.
5. Use prepared statements - Use prepared statements with variables.
Hope this will help you.
08-11-2017, 02:53 PM #3
SQL injections are not a common type of attack, because most security vulnerabilities are related to cross-site scripting (XSS) attacks or cross-site request forgery (CSRF).
You can block most attacks by adding the proper security headers to your web server configuration.
You can easily check if security headers are set on your website with securityheaders.io.
About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
Then keep your application up to date so that it is not vulnerable when security issues are discovered.
08-12-2017, 04:13 AM #4
There are two main ways to stop SQL injection attacks.
1. Server level: This is mostly done using a WAF or some URL policies that match the URI in the request. In the case of a WAF, available solutions like the ModSecurity rules already contain some rules to check for SQL injection attacks and block them.
2. Application level: This needs some extensive programming skills. For this, you need to analyse the URI in requests at the application level and filter it out. For this you need to know the possible SQL attack patterns against your application.
08-12-2017, 09:58 AM #5
Thanks to everyone for your answers! They're all very informative and helpful.