Jump to content
  • 0
Yoh Asakura

Servers hacked. How to protect it?

Question

Hello,

 

I have three servers and recently all of them has been hacked somehow. I don't know how because I already let phpmyadmin acces only to my IP Adress and I also changed the phpmyadmin folder.

 

Is there anyway I can protect my server? I believe it's about the MYSQL, php and phpmyadmin installation.

 

Anyone could help me on this?

 

Regards.

Share this post


Link to post
Share on other sites

42 answers to this question

Recommended Posts

  • 0

At least it can't hurt to disable these tools until you locate the precise source of the problem if it puts a stop to these attacks.

 

I assumed FluxCP would be relatively safe from injection due to PDO prepared statements, but then again, no software is 100% secure AFAIK

 

Last thing: it might be also worth looking if you are not using FluxCP addons/themes that would allow such an exploit to exist. It would actually be extremely easy to put such an exploit for malicious intents, I guess it also might happen accidentally as well.

 

Good luck :)

Edited by Arei

Share this post


Link to post
Share on other sites
  • 0

A lot of things that are open source can -potentially- get hacked. Hence the words "open source". FluxCP, although open source, is still -relatively- updated compared to Ceres. Your best bet is to really check any NPCs that use SQL queries. And, any poorly produced website scripts that connect to your SQL table.

Share this post


Link to post
Share on other sites
  • 0

@@Arei

I appreciate the support you gave me.

 

I didin't use any FluxCP custom themes nor even custom addons.

I believe they did the SQL Injection because of my website...the coder just told me that the php of my website was very old and he will update all now and make it better.

Edited by Yoh Asakura

Share this post


Link to post
Share on other sites
  • 0

What if they hacked your first CP, then uploaded a shell to your server somewhere (as separated file or by modifying some other php file), and it stays here? Even if you reinstall CP or change it, shell-script would still be there, and hacker could still access your server with it.

 

In that case, i would fix the security issue (if i know where it is), then reinstall webserver from scratch by reuploading fresh files again, so no other not needed/suspicious script left here.

Edited by Nebraskka

Share this post


Link to post
Share on other sites
  • 0

a warning from me to all Brazilian users (and to op):

 

DON'T EVER EVER USE ANY BR CODE IF YOU DON'T HAVE ANY KNOWLEDGE TO REVIEW IT OR YOU WILL BE HACKED!

Share this post


Link to post
Share on other sites
  • 0

Thank you everyone in this topic that tried to help. I believe with all these informations everyone can protect more their servers.

 

I'm going to change to another company. I'm still deciding between GoDaddy and OVH. Besides the fact that GoDaddy is much more expensive than other companies but their Managed VPS comes with DDoS protection and also SiteLock Firewall protection, daily backups and cPanel. OVH just comes with the DDoS Protection and we have to pay for the daily backups, but it would still be more cheap than GoDaddy.

Edited by Yoh Asakura

Share this post


Link to post
Share on other sites
  • 0

Thank you everyone in this topic that tried to help. I believe with all these informations everyone can protect more their servers.

 

I'm going to change to another company. I'm still deciding between GoDaddy and OVH. Besides the fact that GoDaddy is much more expensive than other companies but their Managed VPS comes with DDoS protection and also SiteLock Firewall protection, daily backups and cPanel. OVH just comes with the DDoS Protection and we have to pay for the daily backups, but it would still be more cheap than GoDaddy.

 

OVH have web hosting plans with additional stuff included too: https://www.ovh.ie/web-hosting/

 

By itself, changing hosting not going to help if there would be the same security holes. AntiDDoS protecting from overloading site, not from security issues.

To prevent huge consequences of hacking site, I strongly recommend to tune up SQL access rights between site and game. Allow only that stuff that you need, and prevent anything else, like deleting or reading data that site or site user probably don't need.

 

Hope you'll manage to solve your case. Wish you best!

Edited by Nebraskka

Share this post


Link to post
Share on other sites
  • 0

@@Yoh Asakura bro. My server now have been hacked too. WTF. I'm so sad.

huhu. Due to the lack strength of password. hmm.. after this I need to use the SSH keys.  :o

The hacker using my server for ddos and brute attack  :unsure:

Share this post


Link to post
Share on other sites
  • 0

@@mrlongshen

 

These people must have a horrible life. I believe they have nothing better to do. It`s a shame.

 

Try using symbols like $%{* and big and small letters and also numbers, for example D#w01^Csx*(W2@{am

Share this post


Link to post
Share on other sites
  • 0

@@Yoh Asakura yes its true. Maybe they dont have life. Now I have rebuilt my server again. Yeah,I have use ssh key authorization. So far only my laptop and pc can login. Other device cant, and also a combination of symbol, alphabet, big and small letter. By the way, is possible to get hack again? Since use the ssh key authorization now ?

Share this post


Link to post
Share on other sites
  • 0

@@mrlongshen

Read all the comments in this topic that you`ll find an answer.

There`s always a chance that you`ll get hacked. There`s no 100% safe when we talk about internet. If you`re using internet you`re not safe.

 

If you do the installations by your own always remember to get the lastest versions of MySQL, php and phpmyadmin and never forget to SECURE them. And never use root access. Remove root user/change the name.

Edited by Yoh Asakura

Share this post


Link to post
Share on other sites
  • 0

Please use PASSWORD generators for STRONG and SECURE passwords. Not to mention, try using different PORTS rather than the default ports given in the emulator. In most cases, a lot of servers stick with the default ports which isn't a safe thing really.

 

Also, don't use the same PASSWORDS for all your users / dbs. Not the smartest thing either.

Share this post


Link to post
Share on other sites
  • 0

Please use PASSWORD generators for STRONG and SECURE passwords. Not to mention, try using different PORTS rather than the default ports given in the emulator. In most cases, a lot of servers stick with the default ports which isn't a safe thing really.

 

Also, don't use the same PASSWORDS for all your users / dbs. Not the smartest thing either.

Definetly right!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.