This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Hacked
#1
Hacked
Hello
We were hacked and used to send mail out using PHP.
From some of the reading it seems there are some issues with php anyway to upgrade.

thanks
Reply
Thanks given by:
#2
RE: Hacked
(03-27-2017, 05:58 AM)Hi there Is It the actual panel got hacked or an hosted application I got hacked before but that was thru a wordpress plugin with a back door Wrote: Hello
We were hacked and used to send mail out using PHP.
From some of the reading it seems there are some issues with php anyway to upgrade.

thanks
Reply
Thanks given by:
#3
RE: Hacked
What issues? We don't get it.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask

200$ free to start your VPS 60 days credit
Reply
Thanks given by:
#4
RE: Hacked
Yes, it's via WP - i suspect Gravity Forms.
Looking at logs there were request to phyMyadmin.

So many issues that it caused router to be rebooted every 10-15 minutes.

I am going to look close at the logs, but that might still not be indication of the extent of the hack.

Administrator accounts were created in WP, so I am assuming that if they can inject into mySQL further access to Sentora could have been mitigated.

Let me know if I am wrong.

Thanks to all that work hard to keep sentora going.
Reply
Thanks given by:
#5
RE: Hacked
(03-29-2017, 04:17 AM)Qtech Wrote: Yes, it's via WP - i suspect Gravity Forms.
Looking at logs there were request to phyMyadmin.

So many issues that it caused router to be rebooted every 10-15 minutes.

I am going to look close at the logs, but that might still not be indication of the extent of the hack.

Administrator accounts were created in WP, so I am assuming that if they can inject into mySQL further access to Sentora could have been mitigated.

Let me know if I am wrong.

Thanks to all that work hard to keep sentora going.

glad to hear that you found where the hack is coming from
for my wp apps I have installed a firewall that block all bad requests or "suspicious", it is for free "PHP_Firewall" its an old plugin but it works however you have to disable a few function within other way it will block some traffic from mobile 4g or 3g ip range
hope that will help you don't forget to do something about the ddos attack Smile it cost me 3 x E7-4850 cpu utill I figure it out
Reply
Thanks given by: Qtech
#6
RE: Hacked
It's not solved yet. I keep getting guy.php and 404.guy.php files popping up. in WP folder.
Also I have installed Wordfence but I get this error.

Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/sentora/hostdata/acct_name/public_html/domain:/var/sentora/temp/) in /var/sentora/hostdata/acct_name/public_html/domain/wp-

Not sure if anyone has come across this. Any insight would be helpful to solving this.
Reply
Thanks given by:
#7
RE: Hacked
(03-29-2017, 11:46 AM)Qtech Wrote: It's not solved yet. I keep getting guy.php and 404.guy.php files popping up. in WP folder.
Also I have installed Wordfence but I get this error.

Warning: tempnam(): open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/sentora/hostdata/acct_name/public_html/domain:/var/sentora/temp/) in /var/sentora/hostdata/acct_name/public_html/domain/wp-

Not sure if anyone has come across this. Any insight would be helpful to solving this.

In Sentora admin, go to
Admin>Module Admin>Apache Config.
"Override a Virtual Host Setting"
Select the domain vhost (the one with WP installed) from the drop down menu, check the box for "OpenBase Enabled" and save.

[side note, WordFence is probably the best security plugin (if you must use WP), but you have to understand how it works. I can't tell you how many customers I had to help "undo" what they did in WordFence, so they could login (or even just VISIT their own site) because they didn't know what it is capable of!]
Reply
Thanks given by: Qtech
#8
RE: Hacked
(03-29-2017, 12:40 PM)aroaminggeek Wrote: In Sentora admin, go to
Admin>Module Admin>Apache Config.
"Override a Virtual Host Setting"
Select the domain vhost (the one with WP installed) from the drop down menu, check the box for "OpenBase Enabled" and save.

[side note, WordFence is probably the best security plugin (if you must use WP), but you have to understand how it works. I can't tell you how many customers I had to help "undo" what they did in WordFence, so they could login (or even just VISIT their own site) because they didn't know what it is capable of!]

It is already checked... any other ideas?
Reply
Thanks given by:
#9
RE: Hacked
(03-29-2017, 12:58 PM)Qtech Wrote: It is already checked... any other ideas?

https://wordpress.org/support/topic/fix-...?replies=5

Try there for starters. Best to try and eliminate the problem on the WP side before mucking about in (and potentially breaking) the server side of it ("Oh crap! The CD player wont play this one CD. Let's take apart the engine and see if we can get it to work!")
Reply
Thanks given by:
#10
RE: Hacked
If you have a backup I suggest comparing the online version with the backup and see if any files are different, If files are showing up on your hosting space you did not put there, they may have even hacked the FTP account (Worth checking).
What code is inside these new files?
-TGates - Project Council

SEARCH the Forums or read the DOCUMENTATION before posting!
Support Sentora and Donate: HERE

Find my support or modules useful? Donate to TGates HERE
Developers and code testers needed!
Contact TGates for more information
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Hacked - Uploading File Automatically joydeep9932 1 4 ,753 06-16-2018, 01:42 PM
Last Post: Ron-e

Forum Jump:


Users browsing this thread: 1 Guest(s)