EvilZone
Hacking and Security => Hacking and Security => Topic started by: Ab+ on October 22, 2014, 02:30:14 PM
-
Hi again, please do not delete my thread. If it is in not correct category, just please transfer to other side. I still need help to fix my bady website security guard. WEB: mixas.eu. And we having attacs, I don't know how, but they stolen our password from PHPMYADMIN, MYSQL. How to stop this? PLEASE HELP :(
-
I don't thin k you'll find free help and giving you site url to the public saying it has vulnerabilities is very stupid
-
I removed your previous topic, because, well... you run a shitty Counter-strike website which you probably paid some kid to set up and leave backdoors or some rogue admin got butthurt when you demoted him and now he's going all hacky-hacky. If you don't know how to protect yourself, you shouldn't be doing this shit anyway.
Your passwords were stolen? you probably gave it out to someone directly or indirectly.
The best thing you can really do is look for and clean any shells on the site, change ALL of the passwords to something stronger...
Usually I don't bother with such crap even to give advice, because only idiots and kids try to earn money this way, not knowing how to operate a god damn ssh shell.
This is marked for removal...
-
I doubt that it's backdoor or something complex. This CMS has lot of vulnerabilities (SQLi, LFI, XSS etc), so quite anyone could gain access to db and get password hash.
Short-term solution:
- deploy some waf (modsecurity is free and open source), to prevent simple attacks
- update CMS to the latest version
- at least check that public exploits not working
In long-term perspective - find more secure solution.