Servers hacked. How to protect it?

Yoh Asakura · June 14, 2015

Hello,

I have three servers and recently all of them has been hacked somehow. I don't know how because I already let phpmyadmin acces only to my IP Adress and I also changed the phpmyadmin folder.

Is there anyway I can protect my server? I believe it's about the MYSQL, php and phpmyadmin installation.

Anyone could help me on this?

Regards.

Yoh Asakura · June 16, 2015

@@Arei

Maybe the registration form from my website...

Anyway I won't use any CP/FluxCP as recommended by @@Dastgir

Edited June 16, 2015 by Yoh Asakura

Arei · June 16, 2015

At least it can't hurt to disable these tools until you locate the precise source of the problem if it puts a stop to these attacks.

I assumed FluxCP would be relatively safe from injection due to PDO prepared statements, but then again, no software is 100% secure AFAIK

Last thing: it might be also worth looking if you are not using FluxCP addons/themes that would allow such an exploit to exist. It would actually be extremely easy to put such an exploit for malicious intents, I guess it also might happen accidentally as well.

Good luck

Edited June 16, 2015 by Arei

Mystery · June 16, 2015

A lot of things that are open source can -potentially- get hacked. Hence the words "open source". FluxCP, although open source, is still -relatively- updated compared to Ceres. Your best bet is to really check any NPCs that use SQL queries. And, any poorly produced website scripts that connect to your SQL table.

Yoh Asakura · June 16, 2015

@@Arei

I appreciate the support you gave me.

I didin't use any FluxCP custom themes nor even custom addons.

I believe they did the SQL Injection because of my website...the coder just told me that the php of my website was very old and he will update all now and make it better.

Edited June 16, 2015 by Yoh Asakura

Arei · June 16, 2015

@@Arei

I appreciate the support you gave me.

You are welcome, I'm glad if I have been of any help

And don't forget; never, ever trust user input!

Nebraskka · June 19, 2015

What if they hacked your first CP, then uploaded a shell to your server somewhere (as separated file or by modifying some other php file), and it stays here? Even if you reinstall CP or change it, shell-script would still be there, and hacker could still access your server with it.

In that case, i would fix the security issue (if i know where it is), then reinstall webserver from scratch by reuploading fresh files again, so no other not needed/suspicious script left here.

Edited June 19, 2015 by Nebraskka

evilpuncker · June 19, 2015

a warning from me to all Brazilian users (and to op):

DON'T EVER EVER USE ANY BR CODE IF YOU DON'T HAVE ANY KNOWLEDGE TO REVIEW IT OR YOU WILL BE HACKED!

Yoh Asakura · June 21, 2015

Thank you everyone in this topic that tried to help. I believe with all these informations everyone can protect more their servers.

I'm going to change to another company. I'm still deciding between GoDaddy and OVH. Besides the fact that GoDaddy is much more expensive than other companies but their Managed VPS comes with DDoS protection and also SiteLock Firewall protection, daily backups and cPanel. OVH just comes with the DDoS Protection and we have to pay for the daily backups, but it would still be more cheap than GoDaddy.

Edited June 21, 2015 by Yoh Asakura

Nebraskka · June 22, 2015

Thank you everyone in this topic that tried to help. I believe with all these informations everyone can protect more their servers.

I'm going to change to another company. I'm still deciding between GoDaddy and OVH. Besides the fact that GoDaddy is much more expensive than other companies but their Managed VPS comes with DDoS protection and also SiteLock Firewall protection, daily backups and cPanel. OVH just comes with the DDoS Protection and we have to pay for the daily backups, but it would still be more cheap than GoDaddy.

OVH have web hosting plans with additional stuff included too: https://www.ovh.ie/web-hosting/

By itself, changing hosting not going to help if there would be the same security holes. AntiDDoS protecting from overloading site, not from security issues.

To prevent huge consequences of hacking site, I strongly recommend to tune up SQL access rights between site and game. Allow only that stuff that you need, and prevent anything else, like deleting or reading data that site or site user probably don't need.

Hope you'll manage to solve your case. Wish you best!

Edited June 22, 2015 by Nebraskka

Yoh Asakura · June 23, 2015

@@Nebraskka

As I said the problem was because my website was old, and the guy who made the website at that time he was not so good. But now he is updating all to me already.

Thank you anyway.

mrlongshen · June 29, 2015

@@Yoh Asakura bro. My server now have been hacked too. WTF. I'm so sad.

huhu. Due to the lack strength of password. hmm.. after this I need to use the SSH keys.

The hacker using my server for ddos and brute attack :unsure:

Yoh Asakura · July 5, 2015

@@mrlongshen

These people must have a horrible life. I believe they have nothing better to do. It`s a shame.

Try using symbols like $%{* and big and small letters and also numbers, for example D#w01^Csx*(W2@{am

mrlongshen · July 5, 2015

@@Yoh Asakura yes its true. Maybe they dont have life. Now I have rebuilt my server again. Yeah,I have use ssh key authorization. So far only my laptop and pc can login. Other device cant, and also a combination of symbol, alphabet, big and small letter. By the way, is possible to get hack again? Since use the ssh key authorization now ?

Yoh Asakura · July 5, 2015

@@mrlongshen

Read all the comments in this topic that you`ll find an answer.

There`s always a chance that you`ll get hacked. There`s no 100% safe when we talk about internet. If you`re using internet you`re not safe.

If you do the installations by your own always remember to get the lastest versions of MySQL, php and phpmyadmin and never forget to SECURE them. And never use root access. Remove root user/change the name.

Edited July 5, 2015 by Yoh Asakura

mleo1 · July 5, 2015

where do you host?

Mystery · July 5, 2015

Please use PASSWORD generators for STRONG and SECURE passwords. Not to mention, try using different PORTS rather than the default ports given in the emulator. In most cases, a lot of servers stick with the default ports which isn't a safe thing really.

Also, don't use the same PASSWORDS for all your users / dbs. Not the smartest thing either.

REKT · July 6, 2015

Please use PASSWORD generators for STRONG and SECURE passwords. Not to mention, try using different PORTS rather than the default ports given in the emulator. In most cases, a lot of servers stick with the default ports which isn't a safe thing really.

Also, don't use the same PASSWORDS for all your users / dbs. Not the smartest thing either.

Definetly right!

Sign In

Servers hacked. How to protect it?

Question

Share this post

Link to post

Share on other sites

42 answers to this question

Recommended Posts

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Share this post

Link to post

Share on other sites

Join the conversation

Recently Browsing 0 members

Important Information