08-10-2017, 07:34 AM #1
Services to avoid MySQL injection attacks?
From what I know, aside from DDoS, the most common kind of website attacks are due to the execution of custom MySQL injected code. All areas where you can input data and are directly connected to a website's database are potentially exploitable through such code... unless they're properly secured, at least.
Unless you have a deep knowledge of MySQL, it's hard, if not impossible, to think of all the possible security flaws your website might have, so it's best to refer to experts and professional solutions.
Are there any services that can help make your website more secure against MySQL code injection attacks?
08-11-2017, 01:16 PM #2
Here are some tips for you -
1. Use https instead of http - Always use the encrypted connection . So you must have SSL certificate installed on your service.
2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.
3. Update and patch PHP - It always recommended to patch and update the PHP to it's latest version.
4. Never connect using superuser - It's always recommended to connect to database using the superuser, always use the user with privileged access.
5. Use the prepared statements - Use the prepared statements with variables.
Hope this will help you.
08-11-2017, 02:53 PM #3
SQL injection are not a common type of attack, because most part of security vulnerabilities are related to Cross-site scripting (XSS) attack or cross-site request forgery (CSRF).
You can block the most part of attacks by adding the proper security headers to your web server configuration.
You can easily check if security headers are set on your website with securityheaders.io.
About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
Then keep your application up-to-date to not be vulnerable when security issues are discovered
08-12-2017, 04:13 AM #4
There are two main ways to stop SQL injection attacks.
1. Server level :- This is mostly using a WAF or some URL policies by matching the URI in request. In case of WAF, available solutions like ModSecurity rules available already contain some rules to check SQL injection attacks and block them
2. Application Level :- This need some extensive programming skills. But this, you need to analyse the URI in requests at application level and filter it out. For this you need to know the possible SQL Attack patterns against your application.OpsShield.com's cPGuard - Affordable cPanel Security Suite With Excellent Features
08-12-2017, 09:58 AM #5
Thanks to everyone for your answers! They're all very informative and helpful.
08-12-2017, 10:30 AM #6OpsShield.com's cPGuard - Affordable cPanel Security Suite With Excellent Features
Replies: 1 | Views: 67Last post by WHGBTom, 08-12-2017, 03:54 PM
Replies: 2 | Views: 63Last post by PenguinManiac, 08-12-2017, 10:01 AM
By JOED77 in forum Content Management SystemsReplies: 6 | Views: 153Last post by UltratechHost, 08-18-2017, 05:20 PM
Replies: 5 | Views: 137Last post by Soulwatcher, Yesterday, 05:37 AM
Replies: 5 | Views: 128Last post by Server_Wala, 08-14-2017, 06:59 AM
Replies: 0 | Views: 40Last post by JOED77, 08-10-2017, 02:19 AM
By fantaku292 in forum eCommerce Hosting & DiscussionReplies: 2 | Views: 84Last post by yemzy, 08-10-2017, 09:58 AM
Replies: 0 | Views: 44Last post by Fuzyon, 08-09-2017, 04:52 PM
Replies: 2 | Views: 75Last post by VirtuBox, 08-10-2017, 01:07 PM
OFFER $1.99 /Mo - Back to School Special | Pure SSD | DDoS Protected | PayPal & BitCoin | 1-Month-FREEBy HostBastic in forum VPS Hosting OffersReplies: 0 | Views: 34Last post by HostBastic, Yesterday, 08:45 PM
By Server_Wala in forum Reseller Hosting OffersReplies: 0 | Views: 13Last post by Server_Wala, Yesterday, 12:12 PM
Replies: 3 | Views: 51Last post by HostBastic, Yesterday, 10:01 PM
By exa-edward in forum Shared Hosting OffersReplies: 4 | Views: 162Last post by exa-edward, 08-21-2017, 09:55 AM
By JFSG in forum Affiliate Programs PromotionReplies: 0 | Views: 39Last post by JFSG, 08-20-2017, 07:43 PM
Replies: 2 | Views: 1335Last post by Robert Plummer, 02-24-2017, 02:17 AM
Replies: 30 | Views: 4899Last post by therohost, 01-01-2017, 08:24 PM
Replies: 6 | Views: 958Last post by StartVM, 12-19-2016, 05:56 AM
By BillEssley in forum Hosting Security and TechnologyReplies: 0 | Views: 936Last post by BillEssley, 09-21-2016, 06:54 AM
By coredump in forum Dedicated ServerReplies: 7 | Views: 1537Last post by GswHosting, 09-12-2016, 08:25 AM