Services to avoid MySQL injection attacks?

  1. #1
    From what I know, aside from DDoS, the most common kind of website attacks are due to the execution of custom MySQL injected code. All areas where you can input data and are directly connected to a website's database are potentially exploitable through such code... unless they're properly secured, at least.
    Unless you have a deep knowledge of MySQL, it's hard, if not impossible, to think of all the possible security flaws your website might have, so it's best to refer to experts and professional solutions.

    Are there any services that can help make your website more secure against MySQL code injection attacks?

  2. #2
    Here are some tips for you -

    1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.

    2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.

    3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.

    4. Never connect using superuser - It's always recommended to connect to database using the superuser, always use the user with privileged access.

    5. Use the prepared statements - Use the prepared statements with variables.


    Hope this will help you.
    Server Management Company
    India's Leading Managed Service Provider | Skype: techs24x7
    Cpanel Technical Discussions - Lets talk !

  3. #3
    Originally posted by 24x7servermanageme:
    > Here are some tips for you -
    >
    > 1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.
    >
    > 2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.
    >
    > 3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.
    >
    > 4. Never connect using superuser - It's always recommended to connect to database using the superuser, always use the user with privileged access.
    >
    > 5. Use the prepared statements - Use the prepared statements with variables.
    >
    > Hope this will help you.

    I do not see how https will protect a website against SQL injection?
    SQL injections are not a common type of attack, because most security vulnerabilities are related to cross-site scripting (XSS) attacks or cross-site request forgery (CSRF).

    You can block most attacks by adding the proper security headers to your web server configuration.
    You can easily check if security headers are set on your website with securityheaders.io.

    About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
    Then keep your application up to date so as not to be vulnerable when security issues are discovered.
    VirtuBox- Managed VPS Hosting
    Web Infrastructure management
    Scalable Web Platform consulting

  4. #4
    There are two main ways to stop SQL injection attacks.

    1. Server level: This is mostly using a WAF or some URL policies that match the URI in the request. In the case of a WAF, available solutions like the ModSecurity rules already contain some rules to check for SQL injection attacks and block them.

    2. Application level: This needs some extensive programming skills. With this, you need to analyse the URI in requests at the application level and filter it out. For this you need to know the possible SQL attack patterns against your application.
    cPGuard - cPanel Security Suite - Enhanced Security For Your WordPress/Joomla Websites
    Virus Scanner || Commercial WAF Rules || RBL Checker || Brute-Force Protection
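
One way to do the application-level check described above, as an added example rather than code from the thread. It validates each query-string parameter against an allow-list instead of matching known attack patterns; the endpoint, table and column names and the `?` placeholder style are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical product-listing endpoint (assumption). Column names cannot be
# bound as statement parameters, so the sort column is picked from this fixed
# map and never copied from the request.
SORT_COLUMNS = {"name": "name", "price": "price", "newest": "created_at"}
ALLOWED_PARAMS = {"category", "sort", "page"}
PAGE_SIZE = 20

class RejectedRequest(ValueError):
    """Raised when a request does not match the expected parameter shapes."""

def single(params, key, default):
    values = params.get(key, [default])
    if len(values) != 1:          # repeated parameters are ambiguous: refuse
        raise RejectedRequest(f"{key}: repeated parameter")
    return values[0]

def bounded_int(key, text, low, high):
    # ASCII digits only, short enough that int() is cheap and cannot overflow.
    if not (text.isascii() and text.isdigit() and len(text) <= 9):
        raise RejectedRequest(f"{key}: expected digits")
    value = int(text)
    if not low <= value <= high:
        raise RejectedRequest(f"{key}: out of range")
    return value

def build_query(uri):
    """Validate the URI's query string; return (sql_text, bound_values)."""
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    unknown = set(params) - ALLOWED_PARAMS
    if unknown:
        raise RejectedRequest(f"unexpected parameters: {sorted(unknown)}")
    category = bounded_int("category", single(params, "category", ""), 1, 10**9 - 1)
    page = bounded_int("page", single(params, "page", "1"), 1, 10_000)
    sort = single(params, "sort", "name")
    if sort not in SORT_COLUMNS:
        raise RejectedRequest("sort: not an allowed column")
    # Values stay bound parameters; only the allow-listed identifier is inlined.
    sql = ("SELECT id, name, price FROM products WHERE category_id = ? "
           f"ORDER BY {SORT_COLUMNS[sort]} LIMIT {PAGE_SIZE} OFFSET ?")
    return sql, (category, (page - 1) * PAGE_SIZE)
```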

  5. #5
    Thanks to everyone for your answers! They're all very informative and helpful.

    Originally posted by 24x7servermanageme:
    > Here are some tips for you -
    >
    > 1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.
    >
    > 2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.
    >
    > 3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.
    >
    > 4. Never connect using superuser - It's always recommended to connect to database using the superuser, always use the user with privileged access.
    >
    > 5. Use the prepared statements - Use the prepared statements with variables.
    >
    > Hope this will help you.

    Very solid list. Employing proper security measures is probably even better than using third-party applications to fill the holes in the end.

    Originally posted by VirtuBox:
    > I do not see how https will protect a website against SQL injection?
    > SQL injections are not a common type of attack, because most security vulnerabilities are related to cross-site scripting (XSS) attacks or cross-site request forgery (CSRF).
    >
    > You can block most attacks by adding the proper security headers to your web server configuration.
    > You can easily check if security headers are set on your website with securityheaders.io.
    >
    > About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
    > Then keep your application up to date so as not to be vulnerable when security issues are discovered.

    I might have heard about them in the past, but I can't recall that much about them, unfortunately. I know of SQL injection attacks from articles regarding major websites being attacked, so I presumed they would be some of the most popular (seeing how easy they are to attempt, too). Nonetheless, this is exactly what I wanted to know, thank you!

    Originally posted by mobin:
    > There are two main ways to stop SQL injection attacks.
    >
    > 1. Server level: This is mostly using a WAF or some URL policies that match the URI in the request. In the case of a WAF, available solutions like the ModSecurity rules already contain some rules to check for SQL injection attacks and block them.
    >
    > 2. Application level: This needs some extensive programming skills. With this, you need to analyse the URI in requests at the application level and filter it out. For this you need to know the possible SQL attack patterns against your application.

    Would that be like preventing attacks from the get-go for the first level and filtering them out once the code has already been injected (but not executed) for the second one, right? I guess using them both can't hurt that much.

  6. #6
    Originally posted by PenguinManiac:
    > Thanks to everyone for your answers! They're all very informative and helpful.
    >
    > Would that be like preventing attacks from the get-go for the first level and filtering them out once the code has already been injected (but not executed) for the second one, right? I guess using them both can't hurt that much.

    That is correct. Please note that, as long as the injection can be executed and cannot reach the tables, it's OK to go through the first level. When the application can filter out such requests, that means you are still safe. But for this, you must know what you are doing.
    cPGuard - cPanel Security Suite - Enhanced Security For Your WordPress/Joomla Websites
    Virus Scanner || Commercial WAF Rules || RBL Checker || Brute-Force Protection

Copyright ©2017, ForumWeb.Hosting. All rights reserved. Web Hosting Forum for webmasters, web hosting providers, designers and web developers.
