Here is the scenario for everyone to imagine. I say imagine because I can't find ANY possible reason for this to happen. There is no CRON job, or SQL trigger causing this. This website was created by me and there is no malicious code or malware.
So, the client uploads his more than 20,000 products to the database. All is good. However, within the next 48 hours or so, the products table is deleted. The products_options,product_option_values, products_description, products_to_categories etc etc are NOT deleted. JUST the products table, leaving the site seemingly without products to sell.
Has ANYONE ever heard of this or could anyone offer a suggestion where to look to correct this issue ?
This is an Apache server running PHP 5.2.1 with MySQL 5.0
Chris
Latest News: (loading..)
0
Database tables being deleted without reason
Started by DunWeb, Nov 17 2011, 06:17
sql database deleted unknown
13 replies to this topic
#1
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 06:17
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#2
Posted 17 November 2011, 13:46
DunWeb, on 17 November 2011, 06:17, said:
Has ANYONE ever heard of this or could anyone offer a suggestion where to look to correct this issue ?
Chris
Chris
Dan
#3
-
- Community Sponsor
-
- 7,731 posts
- Real Name:Geoffrey Walton
- Gender:Male
- Location:Norfolk, UK (close to the centre of the universe)
Posted 17 November 2011, 16:06
I did have a client in Denmark where the host was deleting php scripts, because they thought they were malicious, every morning.
As the table is deleted and not truncated you can't find the time it happened as the time stamp on the table is not available.
Turn on logging and see the time errors start occurring
Then see if there is a suspicious access being made.
Also have you looked for sql in the db?
Food for thought.
G
As the table is deleted and not truncated you can't find the time it happened as the time stamp on the table is not available.
Turn on logging and see the time errors start occurring
Then see if there is a suspicious access being made.
Also have you looked for sql in the db?
Food for thought.
G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
#4
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 16:22
Hello,
Thank you for the responses.
To clarify, as I did say DELETE. The products table is actually being TRUNCATED, not deleted and the error log is not showing anything.
Chris
Thank you for the responses.
To clarify, as I did say DELETE. The products table is actually being TRUNCATED, not deleted and the error log is not showing anything.
Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#6
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 17:11
Hi George,
Thanks for the reply, I did install it on my development server without any problems. So, I checked with the hosting provider and they say it is nothing on their end. The site is clean and fully functional other than the products table issue. I am completely at a loss.
Chris
Thanks for the reply, I did install it on my development server without any problems. So, I checked with the hosting provider and they say it is nothing on their end. The site is clean and fully functional other than the products table issue. I am completely at a loss.
Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#8
-
- Community Sponsor
-
- 7,731 posts
- Real Name:Geoffrey Walton
- Gender:Male
- Location:Norfolk, UK (close to the centre of the universe)
Posted 17 November 2011, 17:24
If it is a truncate the table will have the time last updated which might help pin it down
G
G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
#9
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 17:24
George,
The host is the clients choice, the support is adequate but there is no way of currently tracking this issue. There doesn't seem to be any set time-frame for this occurrence, sometimes it is 4 hours, sometimes it is 2 days.
Have you ever heard of this issue with osCommerce ?
Chris
The host is the clients choice, the support is adequate but there is no way of currently tracking this issue. There doesn't seem to be any set time-frame for this occurrence, sometimes it is 4 hours, sometimes it is 2 days.
Have you ever heard of this issue with osCommerce ?
Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#10
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 17:29
hi Geoffrey,
I can see exactly what time the table was truncated, unfortunately that's all I can see. There is no error in the log and no error on the website. When the products are loaded, the site operates normally, sales are made and recorded and the customer gets their download link to download the product. This site was functioning on another hosting account and although there were issues with that hosting provider, the database was not a problem then.
I even created a new database for the website thinking the old database was bad, but the problem persists.
Chris
I can see exactly what time the table was truncated, unfortunately that's all I can see. There is no error in the log and no error on the website. When the products are loaded, the site operates normally, sales are made and recorded and the customer gets their download link to download the product. This site was functioning on another hosting account and although there were issues with that hosting provider, the database was not a problem then.
I even created a new database for the website thinking the old database was bad, but the problem persists.
Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#11
Posted 17 November 2011, 17:56
Having the time the table got truncated, you could check if at the same time, there was any suspicious access to the site, that was Geoffrey's idea.
I really have no idea, most suspicious is the host himself, but again, for what reason should he be deleting a single table from he DB?
Chris, I have no idea .....
I really have no idea, most suspicious is the host himself, but again, for what reason should he be deleting a single table from he DB?
Chris, I have no idea .....
Looking for a way to create your own osCommerce template ? click
#12
-
- Community Sponsor
-
- 10,464 posts
- Real Name:Chris Dunn
- Gender:Male
- Location:Tecumseh, Ontario, Canada N8N 1X8
Posted 17 November 2011, 18:07
Thanks for the input George. I have exhausted all reasonable explanations for this issue. As of right now, I have add ONE single product and I am monitoring the database to see if/when it gets deleted.
Thank you everyone for the input. (it makes me feel better that I am not ACTUALLY going insane..... yet ! )
Chris
Thank you everyone for the input. (it makes me feel better that I am not ACTUALLY going insane..... yet ! )
Chris
:|: Was this post helpful ? Click the LIKE THIS button :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
:|: Click Here to learn how I can help you with custom coding, add ons, security and templates :|:
:|: Need an Area Calculator, Pre-Paid Account, Virtual Pin, Auction or Layaway Add on ? Click Here :|:
#13
-
- Community Sponsor
-
- 7,731 posts
- Real Name:Geoffrey Walton
- Gender:Male
- Location:Norfolk, UK (close to the centre of the universe)
Posted 18 November 2011, 09:52
If there is an access at the time of the truncate have a look at all the db records that are displayed and view the source of the page.
G
G
Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
Virus Threat Scanner
My Contributions
Basic install answers.
Click here for Contributions / Add Ons.
UK your site.
Site Move.
Basic design info.
For links mentioned in old answers that are no longer here follow this link Useful Threads.
If this post was useful, click the Like This button over there ======>>>>>.
#14
Posted 18 November 2011, 16:34
multimixer, on 17 November 2011, 17:56, said:
I really have no idea, most suspicious is the host himself, but again, for what reason should he be deleting a single table from he DB?
Otherwise, I would suspect the client is being hacked somewhere. From a clean PC (spyware scanned) change all the passwords you can think of, and see if the problem re-occurs. Look at all PHP code for suspiciously encoded strings.
