dv hacked on (mt) :(
- 15 Responses
- jayoh
On the bright side - I have quite little on the server. I reckon I'm gonna order the Snapshot backup service now. For $20 per month I can instantly re-install domains, users, db's, mail etc
Anyone here used this?
- akrok0
me? no. others? maybe.
- ETM0
I do have an (mt) DV. Never had a security or performance issue with it (knocks on wood). I really limit access for accounts on it, run php safe mode (where possible) and I do not have WP installed or install anything from the (mt) application pool.
- jayoh0
So I had just installed WP and I had an issue with file permissions. I believe I accidentally changed multiple permissions via FTP. No doubt I had a slew of vulnerabilities through this error.
I found this article on WP permissions: http://codex.wordpress.org/Harde…
I'll be sure to be more careful with this install.
- jayoh0
Re-installed most of the stuff on the server but I am worried that PHPmyAdmin was the security vulnerability that caused my server to be hacked last week. Can anyone advise me how I can remove or disable this on MediaTemple's dv server through Plesk or otherwise?
- abettertomorrow0
PHPMyAdmin is just an app where you can change your server settings isn't it? I doubt that would cause the problem, unless someone is able to access it. In which case you can just change the password.
- ETM0
PHPMyAdmin is a server-based database admin tool. Not sure what you are thinking about.
- Melanie0
I got hacked last week too. Sooo stressful. Google put a giant malware sign on my site for 24 hours. It's squeaky clean now.
- abettertomorrow0
Yup. I had the same thing happen. The problem is not PHPMyAdmin but likely just the server access itself being compromised somehow.
Search your files for any malware and delete it. Then change your passwords for everything including FTP. That fixed it for me.
- jayoh0
A friend with a similar setup showed me log reports from his server showing about 2 bots each night searching for all versions of PHPmyAdmin on his server. There must be a few vulnerabilities in there - so I just changed all of PHPmyAdmin's file permissions to temporarily disable it.
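The kind of log check described in the post above, as an added example that is not part of the original thread: it groups access-log requests by client IP and flags clients that probe several differently named phpMyAdmin directories, noting any probe that did not get a 404. The Apache combined log format, the directory-name patterns, the `min_paths` threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache "combined" format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2012:02:14:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2012:02:14:02 +0000] "GET /phpMyAdmin-2.11.3/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2012:02:14:02 +0000] "GET /pma/index.php HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2012:02:14:03 +0000] "GET /phpMyAdmin-3.4.9/index.php HTTP/1.1" 404 209 "-" "-"
198.51.100.22 - - [12/Mar/2012:09:30:11 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.22 - - [12/Mar/2012:09:31:40 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 3321 "-" "Mozilla/5.0"
"""

# client IP, request path and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')
# first path segment that looks like a phpMyAdmin install (assumed name list)
PMA_RE = re.compile(r'^/(?:phpmyadmin|pma|myadmin|mysqladmin)[^/]*(?:/|$)', re.IGNORECASE)


def find_pma_scanners(log_text, min_paths=3):
    """Return {ip: {"dirs": [...], "live": [...]}} for clients that requested at
    least min_paths distinct phpMyAdmin-style directories. "live" lists the
    probed directories that answered with something other than 404."""
    seen = defaultdict(dict)  # ip -> {directory: True if any non-404 response}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or unexpected lines
        ip, path, status = m.groups()
        hit = PMA_RE.match(path)
        if not hit:
            continue
        directory = hit.group(0).rstrip("/").lower()
        seen[ip][directory] = seen[ip].get(directory, False) or status != "404"
    return {
        ip: {"dirs": sorted(dirs), "live": sorted(d for d, ok in dirs.items() if ok)}
        for ip, dirs in seen.items()
        if len(dirs) >= min_paths
    }


if __name__ == "__main__":
    for ip, info in find_pma_scanners(SAMPLE_LOG).items():
        print(ip, "probed", info["dirs"], "non-404:", info["live"])
```

A non-empty `live` list means a scanner reached a directory that actually exists, which is the case worth acting on first.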
- vaxorcist0
SFTP not FTP! (secure FTP, not unsecured FTP)
It's likely that somebody got your FTP login, either by some malware-infected PC logging into the FTP (possibly your clients), and/or a "man-in-the-middle" attack which is waaay too easy with unsecured FTP.
Whenever I give an FTP login to a client, I either show them how to use SFTP and/or restrict their login to only a few files.... as a LOT of PCs are infected with malware that results in many of your javascript files suddenly containing references to URLs in Russia like "pantscow.ru"
- jayoh0
Thanks Vax!
I have been using regular FTP (ooops) but I will start using SFTP now. I'm actually starting to learn SSH which is powerful but archaic for visual people like me. It just seems that simply accessing ALL the files from the root user via Plesk (which I hate almost as much as SSH) is next to impossible.
- ETM
If you need help with the SFTP settings let me know. You have to enable it for every account on the DV.
- jayoh0
What about SSH? Is that encrypted in any way?
- vaxorcist0
ssh and sftp usually use similar encryption....
I avoid webhosts that don't allow sftp and ssh