Security Issue on WebHostingBuzz!

Portal Home > Knowledgebase > Articles Database > Security Issue on WebHostingBuzz!

Posted by qcoax, 08-23-2005, 04:13 AM
I am a reseller of Webhostingbuzz. Last week, when i use MySQL control center (win version) to connect to server. Suddenly the table list under the connect is more than previous!!! I look it properly, I found out that it list all the tables under the server!!! I try to connect to other table, luckily i can't browse the table. I dunno is this consider a security issue. I know it sound crazy but i am not bluffing. below are the list of table i get. MOD EDITED +------------------------------+ What can i do to stop this, is this okie? I dun want people to know wat is my table name. It sound not secure. Last edited by The3bl; 08-23-2005 at 05:17 AM.
Posted by Ronald_Craft, 08-23-2005, 04:26 AM
Contact their support department and bring up the issue with them. That would be the best way to get this resolved.
Posted by The3bl, 08-23-2005, 05:18 AM
If you do not want people to know your table names are then why would you post the entire servers list of tables on a public board?
Posted by Alex Fernandez, 08-23-2005, 05:20 AM
Because he maybe edited out all his own tables?
Posted by qcoax, 08-23-2005, 05:32 AM
Thanks 1stStrike, I did contact them and they ask me my database user and password to check. I didin't provide them the info and they state that there is no problem and just try to ignore my support. I am wondering the person who authories to modified my post is people from webhostingbuzz?? Just wondering who incharge of this forum?? Web hosting company itself??? I am the victim too, if any one want the content of the support ticket, just PM me, if i post here later been delete too. cheers, qcoax
Posted by Alex Fernandez, 08-23-2005, 05:38 AM
qcoax, if you did not provide your username and password to them, then how to you expect them to investigate further? It was Techark who edited your post, he (afaik) is in no way affiliated with webhostingbuzz, he edited it for the simple fact that no-one needs to read the long list of database names, especially on a public forum.
Posted by qcoax, 08-23-2005, 05:42 AM
hi Alex, I know wat u mean. is my client who found this. And I try myself too and same thing happen. So I just tell them all user face the same problem. My policy is, when a problem can be trace without username and password then i wouldn't get them from my client. I expect the same from my provider too. cheers, qcoax
Posted by Alex Fernandez, 08-23-2005, 05:47 AM
qcoax, in all hounesty, the provider either has to create a new phpmyadmin account and try via that, or use one of the xisting accounts hence asking for a username/password. Now getting a username/password is easier than faster than creating a new account, and a new account might have different settings that could lead to the problem not being there, therefore its best to investigate from an existing account. The provider only has root access to phpmyadmin, so they will see all databases anyway without doing the above. I think you are being unreasonable, you want the problem fix, yet do not want to co-operate with them.
Posted by qcoax, 08-23-2005, 05:49 AM
Hi Alex, One more thing i wish to say, i mean no harm to you. Nor Techark or you can said for prove that "no-one needs to read the long list of database names". The reason i list them here because my provider treat my like a fool. I need to provide some prove to tell people I am not critic them without nothing. I been screwed by my customer and do my best to provide 1st line support but the 2nd line support just treat me like i am invisible. That's the reason i post here. I hope publication on this issue can push them to work....... cheers. qcoax
Posted by Alex Fernandez, 08-23-2005, 05:54 AM
WHT is NOT the place for trying to push a provider to do something, I've learnt that from reading this place for a long time. As I said in the previous post, if you are un-prepared to help the provider work out what hte problem is by not giving them your account info (dont see why not), then its clearly not such a big problem as you are prepared to live with it.
Posted by qcoax, 08-23-2005, 06:23 AM
Hm... different people have differece opinion. for me, i don't think a username & password can cause a hosting provider to ignore the security issue for week. cheers, qcoax
Posted by Alex Fernandez, 08-23-2005, 07:07 AM
Its obviously not a major issue, you can only see names, not the data. And if only you were the one affected by this, why would the provider do anything if you wont want to play ball?
Posted by qcoax, 08-23-2005, 09:02 AM
Hi Alex, u not from webhostingbuzz..... right? the way u talk to me seem very aggressive and only pinpoint on my fault. For you may be because of i didn't provide username & passwd is wrong and the provider should ignore a support ticket. But is this the customer service a consumer should expect? Hm... I hope not. As consumer, i have the right to speak out my opinion and share my experience in this public forum. But anyway, this fourm is not one and only forum regarding web hosting. I hope i can get people support from other forum. cheer, qcoax
Posted by Alex Fernandez, 08-23-2005, 10:37 AM
You posted here in order to bash a company to get them to sort your issue. They had clearly asked you for your username and password to check the issue, and you ahve refused to provide it. From anyone's perspective, thats the issue closed. They have not had any reports of this from other customers, so it maybe that this is only affecting you, and you alone, but by not giving them the info to check, they see this as a matter not worth persuing. Afterall, provided you cant edit other tables, its OK. And, no I'm not affilaited with them. You expect a company to help you when you are being as unco-operative as possible. I think anyone else who posts here will have the same view.
Posted by qcoax, 08-23-2005, 11:18 AM
hmm... i will stop here anyway. I would like to use this opportunity to thanks Safvan (support) & Fahad (Billing) for his friendly and supportive help. cheers for Safvan & Fahad.