1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Two servers with 10.2.0 got hacked

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by StefanGlae, Sep 25, 2012.

  1. StefanGlae

    StefanGlae New Pleskian

    10
     
    Joined:
    Sep 25, 2012
    Messages:
    1
    Likes Received:
    0
    Hello,

    today two of our servers got hacked shortly one after another (between one hour). It looks alike, that the attacker got a bash using a normal user login (the password contains 16 letters, numbers, special charakters). I don't know, how they did that?!?

    But they did not blurred their traces, so that I was able to find the "fin.sh" script. This script has made some modifcations in our system, especially it places the file "eng.php" into /opt/psa/admin/htdocs/enterprise/control folder and it also changes the /etc/ssh/sshd_config file.

    Is anybody out there from parallels to investigate the backuped scripts?

    Kind regards,
    Stefan
     
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,576
    Likes Received:
    1,244
    Location:
    Novosibirsk, Russia
Loading...