replaced http://serverfault.com/ with https://serverfault.com/
Source Link

I built a website from scratch using PHP and MySQL for my residential community and our budget is a big fat '0'.

Five days ago I discovered that there were 222 entries in a table in my database that looked suspicious. Then I found another 196 entries in another table with similar entries. All these entries had been made within an 11-hour span.

Since then I have been breaking my head trying to

  1. find ways of preventing such things from happening - basically trying to learn and convert my PHP to MySQLi (my host does not support PDO) and
  2. trying to find out for sure whether this is an SQL injection attack.
  3. the Apache log for the relevant day had a 4976Kb size whereas on all other days it is less than 50Kb
  4. I have also taken a dump of one of the tables (222 records).
  • What I would like to know is, which of these is the first place to visit?
  • Do I study the logs first to try and find out what they got out of this exercise?
  • Do I study the table entries to find out how they did it?
  • Do I take down the site?
  • Do I flush my tables, change existing passwords etc? (luckily, since this site had not been 'launched', there is no data that I need to preserve - I can simply flush all tables!)

Searching on SE has given me a lot to think about especially https://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server and RobM's answer made perfect sense.

I don't know the implications of what I see in my tables. Some of the entries are not displayed in the preview - obviously because they contain special characters. I'd have loved to be able to upload the excel dump of the table in question but that doesn't seem to be possible here...

I don't want to remove these entries before I can understand what they could mean and how much I am compromised. At the same time, I am not sure whether leaving them there can cause me further harm....
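The first item in the list above, converting the PHP to MySQLi, only closes the injection hole if the conversion actually uses prepared statements; calling mysqli_query() with a string that has form input concatenated into it is exactly as injectable as the old mysql_* functions were. The following is an added example, not code from the question or from the site it describes. It puts the two patterns side by side; the table and column names (community_posts, author, body) and the DB_* environment variables are assumptions made for the illustration, and the payload is constructed.

```php
<?php
// Added example, not code from the original question. It contrasts the
// string-concatenation pattern that makes a PHP/MySQL form injectable with
// the MySQLi prepared-statement pattern that prevents it. The table and
// column names (community_posts, author, body) and the DB_* environment
// variables are assumptions made for this illustration.

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// 1. Vulnerable: user input becomes part of the SQL text, so quotes and
//    commas in the input are parsed as SQL. Shown only to build the string;
//    never run a query assembled this way.
function buildVulnerableInsert($author, $body)
{
    return "INSERT INTO community_posts (author, body) VALUES ('$author', '$body')";
}

// 2. Hardened: the SQL text is fixed and contains only placeholders. Values are
//    sent to the server separately and can never change the statement's shape.
function insertPost(mysqli $db, $author, $body)
{
    $stmt = $db->prepare('INSERT INTO community_posts (author, body) VALUES (?, ?)');
    $stmt->bind_param('ss', $author, $body);   // 's' = string, 'i' = integer
    $stmt->execute();
    $id = $db->insert_id;
    $stmt->close();
    return $id;
}

// Same rule for reads: an id taken from $_GET is untrusted until it is bound.
// bind_result() is used rather than get_result() because the latter needs the
// mysqlnd driver, which not every shared host ships.
function fetchPost(mysqli $db, $id)
{
    $stmt = $db->prepare('SELECT id, author, body FROM community_posts WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($rid, $rauthor, $rbody);
    $row = $stmt->fetch() ? ['id' => $rid, 'author' => $rauthor, 'body' => $rbody] : null;
    $stmt->close();
    return $row;
}

// A constructed payload: a single form field that closes the open quote and
// supplies extra VALUES tuples. With the vulnerable pattern this one submission
// inserts three rows; mysqli_query() does not need stacked queries for that.
$payload = "x'), ('spammer', 'visit my site'), ('spammer', 'visit my site'); -- ";

echo "Vulnerable SQL actually sent to MySQL:\n  ", buildVulnerableInsert('alice', $payload), "\n";

// Only touch a database if one is configured (export DB_HOST, DB_USER, DB_PASS, DB_NAME).
if (getenv('DB_HOST') !== false) {
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
    $db->set_charset('utf8mb4');
    $id = insertPost($db, 'alice', $payload);   // stored verbatim as ONE row of harmless text
    print_r(fetchPost($db, $id));
    $db->close();
}
```

Run it with `php example.php` to see the concatenated statement; with the DB_* variables set it also executes the prepared version, which stores the payload as literal text in a single row. Two related checks belong with the conversion: the MySQL account the site connects with should hold only the privileges the forms need (INSERT, SELECT, UPDATE on the site's own tables, no DROP, FILE or GRANT), and every input that is echoed back into a page still needs htmlspecialchars() on output, because prepared statements stop SQL injection but do nothing about stored cross-site scripting.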

deleted 1225 characters in body
Source Link
Hendrik Brummermann
  • 27.3k
  • 6
  • 83
  • 121

I built a website from scratch using PHP and MySQL for my residential community and our budget is a big fat '0'.

Five days ago I discovered that there were 222 entries in a table in my database that looked suspicious. Then I found another 196 entries in another table with similar entries. All these entries had been made within an 11-hour span.

Since then I have been breaking my head trying to

  1. find ways of preventing such things from happening - basically trying to learn and convert my PHP to MySQLi (my host does not support PDO) and
  2. trying to find out for sure whether this is an SQL injection attack.
  3. the Apache log for the relevant day had a 4976Kb size whereas on all other days it is less than 50Kb
  4. I have also taken a dump of one of the tables (222 records).
  • What I would like to know is, which of these is the first place to visit?
  • Do I study the logs first to try and find out what they got out of this exercise?
  • Do I study the table entries to find out how they did it?
  • Do I take down the site?
  • Do I flush my tables, change existing passwords etc? (luckily, since this site had not been 'launched', there is no data that I need to preserve - I can simply flush all tables!)

I don't know the implications of what I see in my tables. Some of the entries are not displayed in the preview - obviously because they contain special characters. I'd have loved to be able to upload the excel dump of the table in question but that doesn't seem to be possible here...

I don't want to remove these entries before I can understand what they could mean and how much I am compromised. At the same time, I am not sure whether leaving them there can cause me further harm....

Tweeted twitter.com/#!/StackSecurity/status/353425531116593153
Source Link
vinaya
  • 355
  • 3
  • 10

Suspicious entries in MySQL database from user input forms - sql injection?

First off - I am very new to PHP, MySQL, Webhosting - the whole scene. I have been working on a community website - building it from scratch, with a few forms, a MySQL database etc for the last six months. Good practice or bad, the site has been live from almost the beginning. It has taken me this long to get things in some shape as I have literally learned and implemented everything that you'll see there. (https:\platinumcityforum.in).

I felt I was ready for our community to start using it - I hoped to catch any issues from usage. As the sole person doing the entire project, it made the chance of missing bugs all the more likely!

Five days ago, while revisiting the parts I had signed off as finished, I discovered something that sent me into a tailspin - there were 222 entries in a table in my database that looked suspicious. Then I found another 196 entries in another table with similar entries. All these entries had been made within an 11-hour span.

Since then I have been breaking my head trying to (1) find ways of preventing such things from happening - basically trying to learn and convert my PHP to MySQLi (my host does not support PDO) and (2) trying to find out for sure whether this is an SQL injection attack. (3) From this site I got the idea of looking at the Apache logs - and instantly discovered that the log for the relevant day had a 4976Kb size whereas on all other days it is less than 50Kb. I do not know anything about how to read these logs - that is something I will have to learn before I can tackle that part! (4) I have also taken a dump of one of the tables (222 records).

What I would like to know is, which of these is the first place to visit? Do I study the logs first to try and find out what they got out of this exercise? Do I study the table entries to find out how they did it? Do I take down the site? Do I flush my tables, change existing passwords etc? (luckily, since this site had not been 'launched', there is no data that I need to preserve - I can simply flush all tables!)

Searching on SE has given me a lot to think about especially http://serverfault.com/questions/218005/how-do-i-deal-with-a-compromised-server and RobM's answer made perfect sense.

Some of what I see in my tables is giving me nightmares - mostly because I don't know what the implications could be. As I started typing the list of entries, I could see that some of it is not getting displayed in the preview - obviously because it contains special characters. I'd have loved to be able to upload the excel dump of the table in question but that doesn't seem to be possible here...

I don't want to remove these entries before I can understand what they could mean and how much I am compromised. At the same time, I am not sure whether leaving them there can cause me further harm....

I would greatly appreciate any advice on this. I am doing this free for my residential community and our budget is a big fat '0'. Therefore, I do not have the option of dumping this on a professional. Whatever needs to be done has to be done by me - learn and implement style!
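Item (3) in the post, the oversized Apache log, is the quickest way to answer both "how did they do it" and "what did they get": the access log records every request, its time, the client address and the full query string. As an added example that is not part of the question or any answer, here is a PHP script (the language the poster already works in) that does a first triage pass: it counts requests per hour to locate the burst, ranks client addresses, and flags requests whose URL-decoded path carries SQL fragments. It assumes Apache's default "combined" LogFormat; the log lines, addresses and paths below are constructed for illustration.

```php
<?php
// Added example, not from the original question: a first pass over an Apache
// access log to see when a burst of requests happened, which clients sent it,
// and which requests carry SQL fragments. The log lines below are constructed
// for illustration; in practice read the real file with file_get_contents().

// Regex for Apache's default "combined" LogFormat:
// %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
$combinedRe = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';

// Substrings that, after URL-decoding, are characteristic of SQL injection
// probes. Keep this list short and specific; it is a triage filter, not a WAF.
$sqliMarkers = ['union select', 'or 1=1', 'sleep(', 'benchmark(',
                'information_schema', "'--", "';", "' or ", "' and ", '/*'];

function parseLine($line, $re)
{
    if (!preg_match($re, $line, $m)) {
        return null;                                  // not a combined-format line
    }
    $ts = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    if ($ts === false) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $ts, 'method' => $m[3], 'path' => $m[4],
            'status' => (int) $m[5], 'ua' => $m[6]];
}

function looksLikeSqli($path, array $markers)
{
    // Decode twice: probes are often double-encoded to get past naive filters.
    $decoded = strtolower(urldecode(urldecode($path)));
    foreach ($markers as $marker) {
        if (strpos($decoded, $marker) !== false) {
            return true;
        }
    }
    return false;
}

function triage($log, $re, array $markers)
{
    $perHour = []; $perIp = []; $suspicious = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $req = parseLine($line, $re);
        if ($req === null) {
            continue;
        }
        $hour = $req['time']->format('Y-m-d H:00');
        $perHour[$hour] = isset($perHour[$hour]) ? $perHour[$hour] + 1 : 1;
        $perIp[$req['ip']] = isset($perIp[$req['ip']]) ? $perIp[$req['ip']] + 1 : 1;
        if (looksLikeSqli($req['path'], $markers)) {
            $suspicious[] = $req;
        }
    }
    ksort($perHour);
    arsort($perIp);
    return ['per_hour' => $perHour, 'per_ip' => $perIp, 'suspicious' => $suspicious];
}

// Constructed sample: two normal registrations, a probe burst from one client, one normal hit.
$sampleLog = <<<'LOG'
203.0.113.7 - - [28/Jun/2013:03:12:41 +0530] "GET /register.php HTTP/1.1" 200 2134 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2013:03:12:43 +0530] "POST /register.php HTTP/1.1" 302 - "https://example.invalid/register.php" "Mozilla/5.0"
198.51.100.9 - - [28/Jun/2013:09:47:10 +0530] "GET /members.php?id=5%27%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 200 5120 "-" "python-requests/1.2"
198.51.100.9 - - [28/Jun/2013:09:47:11 +0530] "GET /members.php?id=5%27%20AND%20SLEEP(5)--%20- HTTP/1.1" 200 5120 "-" "python-requests/1.2"
198.51.100.9 - - [28/Jun/2013:09:47:12 +0530] "GET /members.php?id=5%2527;INSERT%2520INTO%2520x%2520VALUES(1)-- HTTP/1.1" 200 5120 "-" "python-requests/1.2"
192.0.2.44 - - [28/Jun/2013:21:05:02 +0530] "GET /index.php HTTP/1.1" 200 4120 "-" "Mozilla/5.0"
LOG;

$report = triage($sampleLog, $combinedRe, $sqliMarkers);

echo "Requests per hour (look for the spike):\n";
foreach ($report['per_hour'] as $hour => $n) {
    printf("  %s  %d\n", $hour, $n);
}
echo "Busiest client IPs:\n";
foreach (array_slice($report['per_ip'], 0, 5, true) as $ip => $n) {
    printf("  %-15s %d\n", $ip, $n);
}
printf("Requests carrying SQL fragments (%d):\n", count($report['suspicious']));
foreach ($report['suspicious'] as $req) {
    printf("  %s %s %s %s\n", $req['time']->format('Y-m-d H:i:s'), $req['ip'],
           $req['method'], urldecode(urldecode($req['path'])));
}
```

Before running anything, copy the log (and the database dump) off the host, because shared hosts rotate and delete access logs after a few days and the copy is the only evidence that survives a rebuild. Two limits of this pass matter: POST bodies are not logged by Apache, so an injection through a form's POST parameters shows up only as a cluster of POST requests to the same script at the time the rows appeared, not as visible SQL; and a request that matches the markers is a lead to check against the table timestamps, not proof on its own.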