Some of you might have noticed this blog (and my forum) was unavailable for nearly 1 day…
Although I still don’t know how and why (no other databases on the hosting servers were affected), I eventually managed to work around it.
The main symptom was that when trying to view my blog, wordpress would not be able to connect to its mysql database (and the same problem with the forum).
So, I couldn’t even get into the wordpress admin area, as it also needed db access.
Now I’m the first to admit I’ve never been good with databases, so this was one huge struggle (more than what I’m describing… I’m leaving out all the swearing, chocolate breaks, and countless false leads)
I found some help in http://wordpress.org/support/topic/34295 some very similar symptoms… but I didn’t like the idea of using my server IP address.
But given the way wordpress/mysql was installed (using fantastico), I eventually figured out that the wordpress wp-config.php file was trying to connect using database: compaid_wrdp1, username: compaid_wrdp1, password: lots of characters I’ve not seen before…, and dbhost: localhost.
Now this file hadn’t changed in 6 months, but given that I could access phpmyadmin and look at the database fields, then my hosting username and password (compaid) would be able to connect… so i tried changing wp-config.php to use username: compaid, and my hosting password… and it worked.
Now I’m not sure what the security implications are, so I created a compaid_wrdp1 user using “mysql databases” on the cpanel, gave it an obscure password (similar to what it had previously), gave this user full access rights, and changed wp-config.php accordingly, then everything was back to “normal”…
I’m still not sure if there are any security problems with doing it this way (ie can someone read the wp-config.php file and then get my database password?), but at least that password is different to my cpanel password, so hacking should be limited to just 1 database.
Given that it happened simultaneously to 2 databases on my domain, there is the possibility of a hacking attempt, or “splog” (blog spam) attempt by a spam spider. But who knows. My blog uses akismet and “bad behaviour” to block spam… and they work very well in tandem, but a hack / spam attempt is always possible.