Curious case with root-access to mysql
Once a request from a friend came to me: move sites to a new hosting. Well, how can you not help. The hosting control panel was the DirectAdmin panel, and all sites were on joomla. Therefore, to find the configuration files and get acquainted with them is not difficult. After creating backup sites, it was the turn to make backup databases. It seems that everything should be very simple. But not today.
After that, when everything was transferred to a new hosting and was already working fine, they call me and say that the content on the sites is not what it should be. I immediately flashed the idea of ​​accidentally replacing some backups or incorrect settings of the CMS configuration file. But verification of positive results did not bring. And since the content was very important for the site owner, I had to try once again to find the necessary backups. I contacted the hosting technical support and explained the situation to them. They, in turn, send me a full backup of hosting. But there was no necessary backups.
I begin to compare the content of sites on the previous and new hosting and I see that it is really different. And I started asking myself the question: why in all joomla configuration files the database user name was “root” and the password was not specified at all? And here it dawned on me ... Oh well. Is it really? Can not be.
I deployed on a SypexDumper hosting. I enter “root” without specifying a password and press the magic “enter” button and this is what we see:
Well, here it is the long-awaited answer to the question: why does the content differ from identical database backups? We're not going to cheat, but the question to answer how such a thing could happen would be very desirable. But the situation turned out to be quite banal: a friend installed all CMS from scratch, and not by transferring from a local computer to a hosting. He did not bother to change the settings for the databases (without paying attention to it). Due to the above described vulnerability, all the necessary CMS were successfully installed and did not “ask unnecessary questions”. The only question that remained was not answered: from where and why did backups of the database appear in DirectAdmin?
As a “cookie,” a friend received 3 months of free hosting.
After that, when everything was transferred to a new hosting and was already working fine, they call me and say that the content on the sites is not what it should be. I immediately flashed the idea of ​​accidentally replacing some backups or incorrect settings of the CMS configuration file. But verification of positive results did not bring. And since the content was very important for the site owner, I had to try once again to find the necessary backups. I contacted the hosting technical support and explained the situation to them. They, in turn, send me a full backup of hosting. But there was no necessary backups.
I begin to compare the content of sites on the previous and new hosting and I see that it is really different. And I started asking myself the question: why in all joomla configuration files the database user name was “root” and the password was not specified at all? And here it dawned on me ... Oh well. Is it really? Can not be.
I deployed on a SypexDumper hosting. I enter “root” without specifying a password and press the magic “enter” button and this is what we see:
Well, here it is the long-awaited answer to the question: why does the content differ from identical database backups? We're not going to cheat, but the question to answer how such a thing could happen would be very desirable. But the situation turned out to be quite banal: a friend installed all CMS from scratch, and not by transferring from a local computer to a hosting. He did not bother to change the settings for the databases (without paying attention to it). Due to the above described vulnerability, all the necessary CMS were successfully installed and did not “ask unnecessary questions”. The only question that remained was not answered: from where and why did backups of the database appear in DirectAdmin?
As a “cookie,” a friend received 3 months of free hosting.
')
Source: https://habr.com/ru/post/279315/
All Articles