1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Issue Mysql and server hacked

Discussion in 'Plesk 12.x for Linux' started by amir, Feb 15, 2017.

  1. amir

    amir New Pleskian

    3
    20%
    Joined:
    Jan 28, 2016
    Messages:
    13
    Likes Received:
    0
    I think somebody uploded a script , That they can reset password for joomla and wordpress, and also they can uploded their map.xml files to the server, I have checked mysql log, they can use mysql safe , how can I found script and also prevent the hacked?
     
  2. Peter Debik

    Peter Debik Golden Pleskian Plesk Guru

    37
    80%
    Joined:
    Oct 15, 2015
    Messages:
    1,981
    Likes Received:
    403
    Location:
    Berlin, Germany
    You can try to identify files that have been updated recently, for instance during the past two days:
    # find ./* -mtime -2
    This can help to find an infection. But normally once a Joomla or Wordpress website is infected, you will need to delete it and replace it with a uninfected copy, change the passwords of your account and remove the vulnerable plugins that the hackers used to break into the server.

    If you have not shielded subscriptions against root access (for instance if you did not disable PHP commands shellexec(), exec() and so on), then you can equally well wipe the whole system and start over from scratch, because in that case a hacker will likely have infected many other places on the system, too, that you might never find.
     
  3. amir

    amir New Pleskian

    3
    20%
    Joined:
    Jan 28, 2016
    Messages:
    13
    Likes Received:
    0
    Thank You
    How can I disable shellexec(), exec() in plesk , on whole server?
     
Loading...