›
Hacked
|
Hacked
|
 (03-27-2017, 05:58 AM)Hi there Is It the actual panel got hacked or an hosted application I got hacked before but that was thru a wordpress plugin with a back door Wrote: Hello 
What issues? We don't get it.
No support using PM (Auto adding to IGNORE list!), use the forum.
How to ask Freelance AWS Certified Architect & SysOps// DevOps 10$ free to start your VPS
Yes, it's via WP - i suspect Gravity Forms.
Looking at logs there were request to phyMyadmin. So many issues that it caused router to be rebooted every 10-15 minutes. I am going to look close at the logs, but that might still not be indication of the extent of the hack. Administrator accounts were created in WP, so I am assuming that if they can inject into mySQL further access to Sentora could have been mitigated. Let me know if I am wrong. Thanks to all that work hard to keep sentora going. (03-29-2017, 04:17 AM)Qtech Wrote: Yes, it's via WP - i suspect Gravity Forms. glad to hear that you found where the hack is coming from for my wp apps I have installed a firewall that block all bad requests or "suspicious", it is for free "PHP_Firewall" its an old plugin but it works however you have to disable a few function within other way it will block some traffic from mobile 4g or 3g ip range hope that will help you don't forget to do something about the ddos attack  it cost me 3 x E7-4850 cpu utill I figure it out
Thanks given by: Qtech
It's not solved yet. I keep getting guy.php and 404.guy.php files popping up. in WP folder.
Also I have installed Wordfence but I get this error. Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/sentora/hostdata/acct_name/public_html/domain:/var/sentora/temp/) in /var/sentora/hostdata/acct_name/public_html/domain/wp- Not sure if anyone has come across this. Any insight would be helpful to solving this. 
RE: Hacked
03-29-2017, 12:40 PM
(This post was last modified: 03-29-2017, 12:44 PM by aroaminggeek.)
(03-29-2017, 11:46 AM)Qtech Wrote: It's not solved yet. I keep getting guy.php and 404.guy.php files popping up. in WP folder. In Sentora admin, go to Admin>Module Admin>Apache Config. "Override a Virtual Host Setting" Select the domain vhost (the one with WP installed) from the drop down menu, check the box for "OpenBase Enabled" and save. [side note, WordFence is probably the best security plugin (if you must use WP), but you have to understand how it works. I can't tell you how many customers I had to help "undo" what they did in WordFence, so they could login (or even just VISIT their own site) because they didn't know what it is capable of!] Thanks given by: Qtech
(03-29-2017, 12:40 PM)aroaminggeek Wrote: In Sentora admin, go to It is already checked... any other ideas? (03-29-2017, 12:58 PM)Qtech Wrote: It is already checked... any other ideas? https://wordpress.org/support/topic/fix-...?replies=5 Try there for starters. Best to try and eliminate the problem on the WP side before mucking about in (and potentially breaking) the server side of it ("Oh crap! The CD player wont play this one CD. Let's take apart the engine and see if we can get it to work!") 
TGates
Sentora Council - Head of Support Team  OS: Ubuntu 20.04 LTS Version: 2.0.2 Server: i7-6700K @ 4GHz, 8 cores 32GB Ram
If you have a backup I suggest comparing the online version with the backup and see if any files are different, If files are showing up on your hosting space you did not put there, they may have even hacked the FTP account (Worth checking).
What code is inside these new files? |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| Hacked - Uploading File Automatically | joydeep9932 | 1 | 4 ,242 |
06-16-2018, 01:42 PM Last Post: Ron-e |
|
