Host Security

[Hyoru]

Hello, this morning someone entered my host Easyphp, he give him level 99 and give itens for everybody, that part I already fixed.

what happened: I forgot to delete the test login. Id: ragnarok, pass: ragnarok... yeah, i know im dumb. but i changed the password, GM's accounts too, and I said to everyone to change they own account password, i deleted the ragnarok ragnarok of course... and today the person that did it, said the server still vulnerable...

What he could possibly do to I still be vulnerable? and how I can fix it?

Please help me guys =/

thanks adv.

[gfxmrmark]

use xampp have a better security, but i think you just need to set it up professionaly

[tr0n]

maybe a SQL Injection in your homepage ?!

Check things like: login, password reset, account deletion, etc.

[Protimus]

It is recommended that you back up and check all your tables in the database. It is possible that the person who hacked your database, have modified some table creating an unintentional failure.

1. Keylogger is the most common type of failure and your password may be being captured by it.

2. There are other reasons, such as flaws in managers for databases, like phpMyAdmin outdated, which can be exploited.

3. If you use CeresCP or FluxCP, I advise you to disable in the emulator the special characters for char names, as this may cause a security flaw, generating XSS error and then a SQL Injection.

4. If you do not use a panel, your website may be impaired by a failure like SQL Injection, so it is important that you add "addslashes" or "mysql_real_escape" for strings in fields of login and password.

5.The other way would be to invade through a flaw in its operating system, but this is a bit trickier and I guarantee that anyone here are able to do it.

Good luck.

[sketchyphoenix]

While we're at it, is your inter-server user/pass still s1/p1?

[Matrixfox]

First I would immediately streathen my passwords with 30+ characters. Then ban that account (iptables).

Then start scanning for other harmful files that's known for this stuff (maldet) & (chkrootkit).

Mean time I will be reading the database /fixing stuff.

This is all assuming you're on Linux.

DISABLE ANONYMOUS FTP UPLOADS

Edited April 29, 2012 by Matrixfox

[Hyoru]

Thanks guys. guess i fixed thanks all.

[Chronos]

OK GUYS!!!! EasyPHP??? His wanted to me frekin!! 1000$ no kid!! if someone knows where he lives. he's a dead person!. he hacked my Yahoo Mail for like 5seconds then suddenly something will pop up. Paypal password got reset, then send money to his account then he hacked my RO for like so easily. ARGHHH

Edited April 29, 2012 by Chronos

[anacondaq]

Sorry for flooding, but why you get "%" accsess to your rodb? usually use only localhost accesss to your db.

If you want your website to join, yes, why not, but create new user for your website (if website hosted on another hosting) in mysql with limited privilegies, only what you need. and create access to db only from website IP. I think, this much help you. and never use "unknowned" scripts\mods\phpregistrations, etc...