Issue Mysql and server hacked

Discussion in 'Plesk 12.x for Linux' started by amir, Feb 15, 2017.

  1. amir

    amir New Pleskian

    3
    20%
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    32
    I think somebody uploded a script , That they can reset password for joomla and wordpress, and also they can uploded their map.xml files to the server, I have checked mysql log, they can use mysql safe , how can I found script and also prevent the hacked?
     
  2. Peter Debik

    Peter Debik Silver Pleskian Plesk Guru

    31
    80%
    Messages:
    933
    Likes Received:
    115
    Trophy Points:
    672
    Location:
    Berlin, Germany
    You can try to identify files that have been updated recently, for instance during the past two days:
    # find ./* -mtime -2
    This can help to find an infection. But normally once a Joomla or Wordpress website is infected, you will need to delete it and replace it with a uninfected copy, change the passwords of your account and remove the vulnerable plugins that the hackers used to break into the server.

    If you have not shielded subscriptions against root access (for instance if you did not disable PHP commands shellexec(), exec() and so on), then you can equally well wipe the whole system and start over from scratch, because in that case a hacker will likely have infected many other places on the system, too, that you might never find.
     
  3. amir

    amir New Pleskian

    3
    20%
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    32
    Thank You
    How can I disable shellexec(), exec() in plesk , on whole server?
     

Share This Page

Loading...