(03-29-2017, 04:17 AM)Qtech Wrote: Yes, it's via WP - I suspect Gravity Forms.
Looking at the logs, there were requests to phpMyAdmin.
So many issues that it caused the router to be rebooted every 10-15 minutes.
I am going to look closely at the logs, but that might still not be an indication of the extent of the hack.
Administrator accounts were created in WP, so I am assuming that if they can inject into MySQL further access to Sentora could have been mitigated.
Let me know if I am wrong.
Thanks to all that work hard to keep Sentora going.

Glad to hear that you found where the hack is coming from.
For my WP apps I have installed a firewall that blocks all bad or "suspicious" requests. It is free: "PHP_Firewall". It's an old plugin but it works; however, you have to disable a few functions within it, otherwise it will block some traffic from mobile 4G or 3G IP ranges.
Hope that will help you. Don't forget to do something about the DDoS attack; it cost me 3 x E7-4850 CPU until I figured it out.