Hacked, Any hole on plesk 8.1 ?? Plesk hacked via the panel , dont know how !

[x007]

Hi all,

Just want to report someting here,
I have a server since several year
currently whit plesk 8.1.


2 days ago i just tryed to log into the admin
panel then password not good ?? What the hell is appening...

Log into ssh look into the plesk password file and notice someone have changed the admin password ! Chezz...

So i go to log in whit the password i found, themn change it right back whit another pass, as well changed the admin email (the hacker put is how email there too.. Smart ***)

The hacker have created a user in plesk & a domain then created a ssh account on it.

So basicly that give im a ssh account.

Hapily, look like this guys dont want to harm anyting
as he dont look to have hurt anyting.

I found that came from a romania IP but i want to know how he was able to Hack into plesk ???

Look like plesk was the entry point for this hacker !

Is that appenned to anyone else ???
And more important where is the hole ????

 

[atomicturtle]

Maybe they've owned your desktop?

 

[x007]

i dont think, else they would have a lot more
usefull login better than the admin panel of plesk,
i have couple of servers and used other pass..

I dont see how he can have the plesk pass.
I was the only one to have this password and if my
PC was infected some way i think he have better to use the
root pass directly.

I'm going to check my pc in case but i doubt...

Originally posted by atomicturtle
Maybe they've owned your desktop?

 

[atomicturtle]

there was an sql injection vulnerability that came out a month or so ago. Did you update the system to fix that?