MySQL security - Joomla! Forum - community, help and support

i getting users names , passwords changed same id , pw on several sites. same host. have sites on host no problem.

i've caught within hours of happening. convinced problem lies hosting company i've had constant issues them. i'd know following:

1. notified when user id or password changed.
2. learn harden mysql security.

thanks.

problem description :: forum post assistant (v1.2.3) : 10th november 2012 wrote:mysql insecure.

last php error(s) reported :: forum post assistant (v1.2.3) : 10th november 2012 wrote:[13-oct-2012 06:59:33 utc] php fatal error: call member function get() on non-object in /home/caofmaor/public_html/templates/beez_20/error.php on line 10

forum post assistant (v1.2.3) : 10th november 2012 wrote:

basic environment :: wrote:joomla! instance :: joomla! 2.5.8-stable (ember) 8-november-2012
joomla! platform :: joomla platform 11.4.0-stable (brian kernighan) 03-jan-2012
joomla! configured :: yes | writable (644) | owner: secured (uid: 1/gid: 1) | group: secured (gid: 1) | valid for: 2.5
configuration options :: offline: 0 | sef: 1 | sef suffix: 1 | sef rewrite: 1 | .htaccess/web.config: yes | gzip: 0 | cache: 0 | ftp layer: 0 | ssl: 0 | error reporting: default | site debug: 0 | language debug: 0 | default access: 1 | unicode slugs: 1 | database credentials present: yes

host configuration :: os: linux | os version: 2.6.32-379.5.1.lve1.1.9.6.1.el6.x86_64 | technology: x86_64 | web server: apache | encoding: gzip, deflate | doc root: /home/caofmaor/public_html | system tmp writable: yes

php configuration :: version: 5.3.17 | php api: cgi-fcgi | session path writable: unknown | display errors: | error reporting: 6133 | log errors to: error_log | last known error: 13th october 2012 02:59:33. | register globals: 0 | magic quotes: 1 | safe mode: 0 | open base: | uploads: 1 | max. upload size: 32m | max. post size: 128m | max. input time: 120 | max. execution time: 60 | memory limit: 168m

mysql configuration :: version: 5.5.25-cll (client:5.5.25) | host: --protected-- (--protected--) | collation: latin1_swedish_ci (character set: latin1) | database size: 12.97 mib | #of tables:  127

detailed environment :: wrote:php extensions :: core (5.3.17) | date (5.3.17) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7-dev) | zlib (1.1) | bcmath () | bz2 () | calendar () | ctype () | curl () | dom (20031129) | hash (1.0) | filter (0.11.0) | ftp () | gd () | gettext () | spl (0.2) | iconv () | session () | json (1.2.1) | mbstring () | mcrypt () | mysql (1.0) | mysqli (0.1) | pgsql () | standard (5.3.17) | phar (2.0.1) | posix () | reflection ($id: 593a0506b01337cfaf9f63ebc12cd60523fc2c41 $) | imap () | simplexml (0.1) | soap () | sockets () | exif (1.4 $id$) | tidy (2.0) | tokenizer (0.1) | wddx () | xml () | xmlreader (0.1) | xmlrpc (0.51) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | cgi-fcgi () | suhosin (0.9.33) | uploadprogress (1.0.3.1) | timezonedb () | imagick (3.0.1) | homeloader (1.0) | pdo (1.0.4dev) | pdo_sqlite (1.0.1) | sqlite (2.0-dev) | pdo_mysql (1.0.2) | ioncube loader () | zend guard loader () | zend engine (2.3.0) |
potential missing extensions ::

switch user environment (experimental) :: php cgi: yes | server su: no | php su: yes | custom su (litespeed/cloud/grid): yes
potential ownership issues: no

folder permissions :: wrote:core folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

elevated permissions (first 10) ::

extensions discovered :: wrote:components :: site :: wf_mediaplayer_jceplayer_title (2.2.9) | wf_popups_jcemediabox_title (2.2.9) | wf_popups_window_title (2.2.9) | wf_aggregator_vimeo_title (2.2.9) | [youtube] (2.2.9) | wf_filesystem_joomla_title (2.2.9) | wf_links_joomlalinks_title (2.2.9) | wf_link_search_title (2.2.9) | wf_anchor_title (2.2.9) | wf_searchreplace_title (2.2.9) | wf_layer_title (2.2.9) | wf_preview_title (2.2.9) | wf_textcase_title (2.2.9) | wf_print_title (2.2.9) | wf_source_title (2.2.9) | wf_clipboard_title (2.2.9) | wf_browser_title (2.2.9) | wf_cleanup_title (2.2.9) | wf_xhtmlxtras_title (2.2.9) | wf_nonbreaking_title (2.2.9) | wf_article_title (2.2.9) | wf_style_title (2.2.9) | wf_imgmanager_title (2.2.9) | wf_lists_title (2.2.9) | wf_fullscreen_title (2.2.9) | [do not buy our kitchens!] (2.2.9) | wf_visualblocks_title (2.2.9) | wf_media_title (2.2.9) | wf_table_title (2.2.9) | wf_visualchars_title (2.2.9) | wf_directionality_title (2.2.9) | wf_link_title (2.2.9) | wf_inlinepopups_title (2.2.9) | wf_contextmenu_title (2.2.9) | wf_autosave_title (2.2.9) | wf_spellchecker_title (2.2.9) | com_wrapper (2.5.0) | com_mailto (2.5.0) |
components :: admin :: com_media (2.5.0) | com_login (2.5.0) | com_installer (2.5.0) | com_templates (2.5.0) | com_content (2.5.0) | com_config (2.5.0) | com_redirect (2.5.0) | com_admin (2.5.0) | com_newsfeeds (2.5.0) | com_joomlaupdate (2.5.0) | com_banners (2.5.0) | gantry (4.1.2) | com_finder (2.5.0) | com_messages (2.5.0) | admintools (2.4.1) | com_checkin (2.5.0) | com_plugins (2.5.0) | com_users (2.5.0) | jce (2.2.9) | editor - jce (2.2.9) | editor - jce (2.2.9) | plg_quickicon_jcefilebrowser (2.5.0) | jce file browser (2.0.0) | unknown (-) | com_languages (2.5.0) | com_weblinks (2.5.0) | com_categories (2.5.0) | sh404sef - offline code plugin (3.6.4.1481) | sh404sef - analytics plugin (3.6.4.1481) | sh404sef - similar urls plugin (3.6.4.1481) | plg_sh404sefcore_sh404sefsocia (3.6.4.1481) | sh404sef - default component s (3.6.4.1481) | plg_system_shlib (0.2.1.306) | sh404sef - system mobile templ (3.6.4.1481) | sh404sef - system plugin (3.6.4.1481) | sh404sef control panel icon (3.6.4.1481) | sh404sef (3.6.4.1481) | com_modules (2.5.0) | akeeba (3.6. | com_cpanel (2.5.0) | com_menus (2.5.0) | com_cache (2.5.0) | com_search (2.5.0) | com_xmap (2.2.1) |

modules :: site :: mod_articles_archive (2.5.0) | mod_articles_popular (2.5.0) | mod_menu (2.5.0) | mod_custom (2.5.0) | mod_related_items (2.5.0) | mod_syndicate (2.5.0) | mod_footer (2.5.0) | mod_weblinks (2.5.0) | mod_random_image (2.5.0) | mod_articles_category (2.5.0) | mod_articles_news (2.5.0) | mod_articles_latest (2.5.0) | mod_banners (2.5.0) | mod_whosonline (2.5.0) | mod_articles_categories (2.5.0) | mod_wrapper (2.5.0) | mod_breadcrumbs (2.5.0) | mod_search (2.5.0) | mod_stats (2.5.0) | mod_languages (2.5.0) | roknavmenu (1.16) | mod_finder (2.5.0) | clean time caluculator (1.0.0) | mod_login (2.5.0) | mod_users_latest (2.5.0) | mod_feed (2.5.0) |
modules :: admin :: mod_online (1.6.0) | admin tools joomla! upgrade no (2.4.1) | admin tools joomla! upgrade no (svn746) | mod_unread (1.6.0) | mod_menu (2.5.0) | mod_latest (2.5.0) | mod_version (2.5.0) | sh404sef control panel icon (3.6.4.1481) | mod_title (2.5.0) | mod_custom (2.5.0) | mod_logged (2.5.0) | mod_submenu (2.5.0) | mod_popular (2.5.0) | mod_status (2.5.0) | mod_multilangstatus (2.5.0) | mod_toolbar (2.5.0) | mod_akadmin_title (3.6. | mod_quickicon (2.5.0) | mod_login (2.5.0) | mod_feed (2.5.0) |

plugins :: site :: plg_editors-xtd_pagebreak (2.5.0) | plg_editors-xtd_article (2.5.0) | plg_editors-xtd_arslink (1.0) | plg_editors-xtd_readmore (2.5.0) | plg_editors-xtd_image (2.5.0) | plg_extension_joomla (2.5.0) | plg_authentication_joomla (2.5.0) | plg_authentication_gmail (2.5.0) | plg_authentication_ldap (2.5.0) | editor - jce (2.2.9) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.5.4.1) | plg_jmonitoring_akeebabackup_t (1.0) | plg_finder_categories (2.5.0) | plg_finder_contacts (2.5.0) | plg_finder_content (2.5.0) | plg_finder_weblinks (2.5.0) | plg_finder_newsfeeds (2.5.0) | sh404sef - offline code plugin (3.6.4.1481) | sh404sef - analytics plugin (3.6.4.1481) | sh404sef - similar urls plugin (3.6.4.1481) | plg_sh404sefcore_sh404sefsocia (3.6.4.1481) | sh404sef - default component s (3.6.4.1481) | plg_content_pagebreak (2.5.0) | plg_content_vote (2.5.0) | plg_content_joomla (2.5.0) | plg_content_pagenavigation (2.5.0) | plg_content_finder (2.5.0) | plg_content_loadmodule (2.5.0) | plg_content_geshi (2.5.0) | plg_content_emailcloak (2.5.0) | xmap - sobipro plugin (2.0.1) | xmap - mosets tree plugin (2.0.2) | xmap - content plugin (2.0.3) | xmap - kunena plugin (2.0.2) | xmap - weblinks plugin (2.0) | xmap - virtuemart plugin (2.0.0) | plg_system_redirect (2.5.0) | plg_system_sef (2.5.0) | system - 1 click action (2.1) | plg_srp_title (3.6. | system - admin tools update em (1.0) | system - gantry (4.1.2) | plg_system_shlib (0.2.1.306) | system - joomla! update email (1.0) | plg_system_logout (2.5.0) | sh404sef - system mobile templ (3.6.4.1481) | system - admin tools (2.4.1) | sh404sef - system plugin (3.6.4.1481) | plg_system_debug (2.5.0) | plg_system_languagefilter (2.5.0) | plg_system_akeebaupdatecheck_t (1.1) | plg_system_cache (2.5.0) | system - jce mediabox (1.1.4) | plg_system_p3p (2.5.0) | plg_system_languagecode (2.5.0) | plg_system_aklazy_title (3.3) | system - rokextender (1.1) | plg_system_highlight (2.5.0) | plg_system_log (2.5.0) | plg_system_remember (2.5.0) | plg_captcha_recaptcha (2.5.0) | plg_user_profile (2.5.0) | plg_user_contactcreator (2.5.0) | plg_user_joomla (2.5.0) | plg_quickicon_jcefilebrowser (2.5.0) | plg_quickicon_extensionupdate (2.5.0) | plg_quickicon_atoolsjupdateche (1.0) | plg_quickicon_joomlaupdate (2.5.0) | plg_quickicon_akeebabackup (1.0) | plg_search_categories (2.5.0) | plg_search_contacts (2.5.0) | plg_search_content (2.5.0) | plg_search_weblinks (2.5.0) | plg_search_newsfeeds (2.5.0) |

templates discovered :: wrote:templates :: site :: beez_20 (2.5.0) | atomic (2.5.0) | beez5 (2.5.0) | rt_gantry_j16 (3.2.7) |
templates :: admin :: bluestork (2.5.0) | hathor (2.5.0) |

i'm not convinced mysql issue. instead i'd check see how message shows, , why it's being triggered. sorry can't more helpful.. think mysql tree wrong 1 bark up.