SQL Tables Disappearing (Users_Master and Chars)

Has anyone else had an issue with some sort of attack or bug that causes the SQL tables to drop? In my case it was the Users_Master and Chars tables, on two separate occasions. It feels like a PHP injection, but my skills in both SQL and PHP are sadly lacking, although I do my best to learn every single day.

If anyone else has had this issue, did you find out what caused it? Did you fix it? How did you stop it from happening again, assuming it's a malicious attack? How can I harden my PHP scripts to keep something like this from becoming a repeating issue, assuming it's an injection?

Thank you in advance for your advice- and please, no "If you don't know what the hell you're doing, don't run a server", because ALL of you were beginners once, and everyone has to start somewhere. It's not my fault that my "beginning" is happening in Shaiya's twilight days, when everyone attacks their neighbors to get a leg up and most worthwhile players have moved on... Anyway, all help is appreciated. Thanks.

Make your database for localhost, has explained on a topic how to do that, someone that got your sql login credenials deleted your database, tables cannot disapair of its self.

I thought the same thing, the first time it happened... then I changed the passwords to both the sa and Shaiya SQL logins, and also my Windows password. Then the exact same thing happened again. How, if all the passwords were new and different? That's when I started thinking it was probably some sort of injection.

Also, I saw at least 1 other person had this issue and called it a "bug", in this thread: [Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by -ColdBloodShaiya- what happened is that the MASTER_USER was deleted a bug but fixed now rofl ok fixed the issue finally :) only what 5mins haha but fixed it and back to normal now fixing drops and the server is fine to play :)

I also searched around and saw another server, Shaiya Haven, with the same problem on their forums. So it seems like someone is going out of their way to do it to any vulnerable servers maybe? What's the weak link?

The php scripts can be induced in error and show the SQL logins credenials then your an easy target make your db for localhost is the only way to be safe

What treica is telling you is totally correct, as having the SQL as a local host is the safest way to go because you avoid outsiders coming into it.

As well if you say that you changed your password and everything and it happened again, if you believe someone is getting your credentials, do a scan on your host to make sure that you don't have any sort of keylogger on it, as with that you are able to get the password when you type it in.

I got the same issue, 2 things i do.
1) I make SQL backup programmed automatically every hours
2) i work on my scripts to protect them and i search what servers got the same issue's and look at their websites to see what script's they use that are same to mine so i can know where i can be injected.

That's all i can tell you for now.