Issue - Mysql and server hacked | Plesk Forum

Issue Mysql and server hacked

Discussion in 'Plesk 12.x for Linux' started by amir, Feb 15, 2017.

  1. amir

    amir New Pleskian

    3
    20%
    Joined:
    Jan 28, 2016
    Messages:
    13
    Likes Received:
    0
    I think somebody uploded a script , That they can reset password for joomla and wordpress, and also they can uploded their map.xml files to the server, I have checked mysql log, they can use mysql safe , how can I found script and also prevent the hacked?
     
  2. Peter Debik

    Peter Debik Golden Pleskian Plesk Guru

    34
    80%
    Joined:
    Oct 15, 2015
    Messages:
    1,545
    Likes Received:
    270
    Location:
    Berlin, Germany
    You can try to identify files that have been updated recently, for instance during the past two days:
    # find ./* -mtime -2
    This can help to find an infection. But normally once a Joomla or Wordpress website is infected, you will need to delete it and replace it with a uninfected copy, change the passwords of your account and remove the vulnerable plugins that the hackers used to break into the server.

    If you have not shielded subscriptions against root access (for instance if you did not disable PHP commands shellexec(), exec() and so on), then you can equally well wipe the whole system and start over from scratch, because in that case a hacker will likely have infected many other places on the system, too, that you might never find.
     
  3. amir

    amir New Pleskian

    3
    20%
    Joined:
    Jan 28, 2016
    Messages:
    13
    Likes Received:
    0
    Thank You
    How can I disable shellexec(), exec() in plesk , on whole server?
     
Loading...