cookkoo
Basic Pleskian
Hello Support Team,
As my site got Hack, and the Hacker delete all of my web content (I have 2 million members profile). After admin investigate we found the Hacker from IP 89.248.162.167 is who is Hacker. And the idea of admin about vulnerability is Plesk issue. This looks as Plesk vulnerability. Or one of Plesk's modules. (Sorry, If this is wrong) the reason as below:
cat /var/log/auth.log | grep Accepted | grep -v "171.4"
This command will show you ALL successful login, except of logins from your subnetwork
Why admin thought if this is Plesk vulnerability.
1) There are few logins. I mean, few logins from direct location. I'm not sure if some hacker will use few IP's to delete single content
2) It uses RSA key, which was somewhere generated
But admin believe, this is Plesk Control Panel vulnerability.
Please suggestion
Thank you
As my site got Hack, and the Hacker delete all of my web content (I have 2 million members profile). After admin investigate we found the Hacker from IP 89.248.162.167 is who is Hacker. And the idea of admin about vulnerability is Plesk issue. This looks as Plesk vulnerability. Or one of Plesk's modules. (Sorry, If this is wrong) the reason as below:
cat /var/log/auth.log | grep Accepted | grep -v "171.4"
This command will show you ALL successful login, except of logins from your subnetwork
Why admin thought if this is Plesk vulnerability.
1) There are few logins. I mean, few logins from direct location. I'm not sure if some hacker will use few IP's to delete single content
2) It uses RSA key, which was somewhere generated
But admin believe, this is Plesk Control Panel vulnerability.
Please suggestion
Thank you