Let’s assume a scenario where my website gets hacked via an upload vulnerability using a PHP shell backdoor which has access to the database. Now I know someone has uploaded a shell but I can’t find it because of tons of files. I want to prevent this shell from having access or running queries on my database, how do I deny or restrict it?
Maybe check your network structure logs if you have them installed on your network and check when, how, where your website or database was breached.
Check log files in MySQL database, identify recent unknown activities and remove them from scratch. I think this will help you:
Okay researched on this and found a way to solve the problem.
- Block access to port 3306
- Do not grant all privilege on localhost instead do so for a particular IP address.
The problem has been solved, thanks community.