Services to avoid MySQL injection attacks?

  1. #1
    Services to avoid MySQL injection attacks?

    From what I know, aside from DDoS, the most common kind of website attacks are due to the execution of custom MySQL injected code. All areas where you can input data and are directly connected to a website's database are potentially exploitable through such code... unless they're properly secured, at least.
    Unless you have a deep knowledge of MySQL, it's hard, if not impossible, to think of all the possible security flaws your website might have, so it's best to refer to experts and professional solutions.

    Are there any services that can help make your website more secure against MySQL code injection attacks?

  2. #2
    Here are some tips for you -

    1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.

    2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.

    3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.

    4. Never connect using superuser - It's always recommended to connect to the database using the superuser, always use the user with privileged access.

    5. Use the prepared statements - Use the prepared statements with variables.


    Hope this will help you.

  3. #3
    Quote Originally Posted by 24x7servermanageme View Post
    Here are some tips for you -

    1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.

    2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.

    3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.

    4. Never connect using superuser - It's always recommended to connect to the database using the superuser, always use the user with privileged access.

    5. Use the prepared statements - Use the prepared statements with variables.


    Hope this will help you.
    I do not see how https will protect a website against SQL injection?
    SQL injections are not a common type of attack, because most security vulnerabilities are related to cross-site scripting (XSS) attacks or cross-site request forgery (CSRF).

    You can block most attacks by adding the proper security headers to your web server configuration.
    You can easily check if security headers are set on your website with securityheaders.io.

    About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
    Then keep your application up-to-date so it is not vulnerable when security issues are discovered.
    VirtuBox- Managed VPS Hosting
    Web Infrastructure management
    Scalable Web Platform consulting

  4. #4
    There are two main ways to stop SQL injection attacks.

    1. Server level: This is mostly using a WAF or some URL policies by matching the URI in the request. In the case of a WAF, available solutions like ModSecurity already contain some rules to check for SQL injection attacks and block them.

    2. Application level: This needs some extensive programming skills. For this, you need to analyse the URI in requests at the application level and filter it out. For this you need to know the possible SQL attack patterns against your application.
    cPGuard - Affordable cPanel Security Suite With Excellent Features
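
An added example (not part of the original post) of one way to do the application-level check described above: instead of matching attack patterns, it validates each parameter in the request URI against an allow-list of what the endpoint expects. The path `/product.php`, the parameter names and the rules are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical rules for one endpoint: parameter name -> pattern its value
# must match in full. Anything not listed here is rejected.
RULES = {
    "/product.php": {
        "id": re.compile(r"[0-9]{1,9}"),
        "sort": re.compile(r"(name|price|date)"),
    },
}

def check_request(uri):
    """Return (allowed, reason) for a request URI."""
    parts = urlsplit(uri)
    rules = RULES.get(parts.path)
    if rules is None:
        return False, "unknown path"
    # parse_qs percent-decodes the values, so encoded quotes are seen as quotes.
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        if name not in rules:
            return False, "unexpected parameter: " + name
        if len(values) != 1:
            return False, "repeated parameter: " + name
        if not rules[name].fullmatch(values[0]):
            return False, "bad value for: " + name
    return True, "ok"

if __name__ == "__main__":
    # Constructed request URIs.
    samples = [
        "/product.php?id=42&sort=price",
        "/product.php?id=42%27%20OR%20%271%27%3D%271",
        "/product.php?id=1&id=2",
        "/product.php?id=1&debug=1",
        "/admin.php?id=1",
    ]
    for uri in samples:
        print(uri, "->", check_request(uri))
```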

  5. #5
    Thanks to everyone for your answers! They're all very informative and helpful.

    Quote Originally Posted by 24x7servermanageme View Post
    Here are some tips for you -

    1. Use https instead of http - Always use the encrypted connection. So you must have an SSL certificate installed on your service.

    2. Use Green SQL - It is the proxy for the green database. Your website first connects to GreenSQL instead of your MySQL database directly. It used to forward only legitimate SQL to your database and provided the output in result. It has the list of white-listed databases. If the database entry is not prevent then it will detect it as suspicious entry and will not provide the answer.

    3. Update and patch PHP - It is always recommended to patch and update PHP to its latest version.

    4. Never connect using superuser - It's always recommended to connect to the database using the superuser, always use the user with privileged access.

    5. Use the prepared statements - Use the prepared statements with variables.


    Hope this will help you.
    Very solid list. Employing proper security measures is probably even better than using third-party applications to fill the holes in the end.

    Quote Originally Posted by VirtuBox View Post
    I do not see how https will protect a website against SQL injection?
    SQL injections are not a common type of attack, because most security vulnerabilities are related to cross-site scripting (XSS) attacks or cross-site request forgery (CSRF).

    You can block most attacks by adding the proper security headers to your web server configuration.
    You can easily check if security headers are set on your website with securityheaders.io.

    About SQL injection, you can use a WAF (Web Application Firewall) like NAXSI for Nginx or ModSecurity for Apache.
    Then keep your application up-to-date so it is not vulnerable when security issues are discovered.
    I might have heard about them in the past, but I can't recall that much about them, unfortunately. I know of SQL injection attacks from articles regarding major websites being attacked, so I presumed they would be some of the most popular (seeing how easy they are to attempt, too). Nonetheless, this is exactly what I wanted to know, thank you!

    Quote Originally Posted by mobin View Post
    There are two main ways to stop SQL injection attacks.

    1. Server level: This is mostly using a WAF or some URL policies by matching the URI in the request. In the case of a WAF, available solutions like ModSecurity already contain some rules to check for SQL injection attacks and block them.

    2. Application level: This needs some extensive programming skills. For this, you need to analyse the URI in requests at the application level and filter it out. For this you need to know the possible SQL attack patterns against your application.
    Would that be like preventing attacks from the get-go for the first level and filtering them out once the code has already been injected (but not executed) for the second one, right? I guess using them both can't hurt that much.

  6. #6
    Quote Originally Posted by PenguinManiac View Post
    Thanks to everyone for your answers! They're all very informative and helpful.


    Would that be like preventing attacks from the get-go for the first level and filtering them out once the code has already been injected (but not executed) for the second one, right? I guess using them both can't hurt that much.
    That is correct. Please note that, as long as the injection can be executed and cannot reach the tables, it's OK to go through the first level. When the application can filter out such requests, that means you are still safe. But for this, you must know what you are doing.
    cPGuard - Affordable cPanel Security Suite With Excellent Features
