Welcome to the JaguarPC Community
JaguarPC
Sales: (888) 338-5261
Support: (888)-551-3050
Results 1 to 5 of 5

This is a discussion on Bah! in the VPS & Dedicated forum
I just got hacked today heh Mostly my own fault but still annoying! ...

  1. 04-25-2006, 09:43 AM #1
    AlexKall
    AlexKall is offline
    JPC Guru
    Join Date
    Apr 2006
    Location
    Sweden
    Posts
    263

    Bah!

    I just got hacked today heh

    Mostly my own fault but still annoying!
    My VPS server:
    www.myfedoraserver.com

    Reply With Quote Reply With Quote
  2. 04-25-2006, 10:31 AM #2
    rainboy
    rainboy is offline
    Friendly rainboy's Avatar
    Join Date
    Apr 2006
    Location
    Eindhoven, The Netherlands
    Posts
    546
    AlexKall,

    Can you explain what happend. (do not get in details to not bring others on bad idea's)

    Maybe we can learn something here.

    Kind rergards,
    Patrick
    Reply With Quote Reply With Quote
  3. 04-25-2006, 10:42 AM #3
    AlexKall
    AlexKall is offline
    JPC Guru
    Join Date
    Apr 2006
    Location
    Sweden
    Posts
    263
    Well I think i forgot to change permissions for a Usermin user (which is a webmin user untill you specify not to give them Webmin rights) so i think they got in to webmin where they changed the root password and changed all my sites heh. They must have done it yesterday evening or this night.

    If you look at the page in my profile its changed and has a link to "their" site.
    My VPS server:
    www.myfedoraserver.com

    Reply With Quote Reply With Quote
  4. 04-25-2006, 11:04 AM #4
    rainboy
    rainboy is offline
    Friendly rainboy's Avatar
    Join Date
    Apr 2006
    Location
    Eindhoven, The Netherlands
    Posts
    546
    AlexKall,

    Ohshoot.. .that is indeed not nice, did they leave any traces ? and how bad was the hack ? root access ?

    I just hate it if applications come with default passwords, it simply should not work with any default password. And if people then have problems with running it they should just RTFM.

    Hope you get everything up and running again safely.

    Kind regards,

    Patrick
    Reply With Quote Reply With Quote
  5. 04-25-2006, 11:22 AM #5
    AlexKall
    AlexKall is offline
    JPC Guru
    Join Date
    Apr 2006
    Location
    Sweden
    Posts
    263
    Yeah they got evertyhing, they shutdown FTP and webmin and changed Root password

    But I didnt really have anything of value, which is good, only my logo and my "test" website.

    Hope they didnt get in to VZZ, not sure thought, you need to check the port and know the port to be able to login there (even though its most likley the default port )

    I had a 16 Bit password on Webmin (both upper case, lower case and numbers) my weak link was one of the linux user accounts i had created, which foolish of me had an unsecure password. Actually a name of a Swedish town, I was sure i had changed the permissions for Webmin but hadent (It didnt have SSH access though but Webmin is extreemly powerfull even if the user dont have SSH!) As the useraccount was most likely not parted from Webmin, they got in changed the password.

    My last log was from yesterday night, so it wont show a thing (logwatch) and i dont have access to the server so i cant look in the additional logs, so i dont have any proof either

    Is there a way to make logwatch mailing a bit more frequent, say every hour?
    My VPS server:
    www.myfedoraserver.com

    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules