Question

Posted

Hello, this morning someone got into my EasyPHP host; he gave himself level 99 and gave items to everybody. That part I already fixed.

What happened: I forgot to delete the test login. ID: ragnarok, pass: ragnarok... yeah, I know I'm dumb. But I changed the password, the GMs' accounts too, and I told everyone to change their own account passwords. I deleted the ragnarok/ragnarok login, of course... and today the person who did it said the server is still vulnerable...

What could he possibly have done for me to still be vulnerable? And how can I fix it?

Please help me guys =/

Thanks in advance.

8 answers to this question

Posted

It is recommended that you back up and check all your tables in the database. It is possible that the person who hacked your database has modified some table, creating an unintentional failure.

1. A keylogger is the most common type of failure, and your password may be being captured by it.

2. There are other reasons, such as flaws in database managers, like an outdated phpMyAdmin, which can be exploited.

3. If you use CeresCP or FluxCP, I advise you to disable special characters for char names in the emulator, as this may cause a security flaw, generating an XSS error and then a SQL injection.

4. If you do not use a panel, your website may be affected by a failure like SQL injection, so it is important that you add "addslashes" or "mysql_real_escape" to the strings in the login and password fields.

5. The other way would be to invade through a flaw in its operating system, but this is a bit trickier, and I guarantee that anyone here is able to do it.

Good luck.

  • Upvote 3
Posted (edited)

First I would immediately strengthen my passwords to 30+ characters. Then ban that account (iptables).

Then start scanning for other harmful files that are known for this stuff (maldet) & (chkrootkit).

Meanwhile I will be reading the database / fixing stuff.

This is all assuming you're on Linux.

DISABLE ANONYMOUS FTP UPLOADS

Edited by Matrixfox
  • Upvote 1
Posted (edited)

OK GUYS!!!! EasyPHP??? He wanted 1000$ from me, freakin' no kidding!! If someone knows where he lives, he's a dead person! He hacked my Yahoo Mail for like 5 seconds, then suddenly something popped up. PayPal password got reset, then money was sent to his account, then he hacked my RO so easily. ARGHHH

Edited by Chronos
Posted

Sorry for flooding, but why do you have "%" access to your RO DB? Usually you use only localhost access to your DB.

If you want your website to connect, yes, why not, but create a new user for your website (if the website is hosted on another host) in MySQL with limited privileges, only what you need, and allow access to the DB only from the website IP. I think this will help you a lot. And never use "unknown" scripts/mods/php registrations, etc...
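The "%" host versus localhost-only advice above, written out as MySQL statements. This is an added example, not from the thread or from any emulator's install script; it assumes the database is named `ragnarok`, the emulator connects as `ragnarok`, the panel tables are `login` and `char`, and the web server's address is the constructed 203.0.113.10.

```sql
-- Added example (not part of the forum thread). Assumptions: database `ragnarok`,
-- emulator user `ragnarok`, panel tables `login` and `char`, web host 203.0.113.10
-- (constructed). Replace the CHANGE_ME_* placeholders with long random passwords.

-- Weak setting the reply warns about: one account, reachable from ANY host ('%'),
-- with full rights on every database. Shown only for contrast, not to be run.
-- GRANT ALL PRIVILEGES ON *.* TO 'ragnarok'@'%' IDENTIFIED BY 'ragnarok';

-- 1. Remove the wildcard-host account entirely (changing its password is not enough:
--    the host pattern is what lets a remote attacker reach it at all).
DROP USER 'ragnarok'@'%';

-- 2. Emulator account: localhost only, scoped to its own database, no admin rights.
CREATE USER 'ragnarok'@'localhost' IDENTIFIED BY 'CHANGE_ME_emulator_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON `ragnarok`.* TO 'ragnarok'@'localhost';

-- 3. Separate account for the web panel on another host: only from that IP, and only
--    the tables/operations a registration and account page needs (no DROP, ALTER,
--    FILE or GRANT OPTION, so a panel SQL injection cannot rewrite the schema).
CREATE USER 'webcp'@'203.0.113.10' IDENTIFIED BY 'CHANGE_ME_panel_password';
GRANT SELECT, INSERT, UPDATE ON `ragnarok`.`login` TO 'webcp'@'203.0.113.10';
GRANT SELECT ON `ragnarok`.`char` TO 'webcp'@'203.0.113.10';

FLUSH PRIVILEGES;

-- 4. Verify: the first query must return no rows, the second shows exactly what
--    each remaining account may do.
SELECT User, Host FROM mysql.user WHERE Host = '%';
SHOW GRANTS FOR 'webcp'@'203.0.113.10';
```

Pair this with a firewall rule that only accepts port 3306 from 203.0.113.10 (and the emulator on localhost), since the MySQL host pattern and the firewall are two independent checks.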
