DB Hacked

m3th3lesh

Hello!

I need your help to find out the issue of DB hacking done on aapanel installed server. The DB is empty and Hacker has mentioned his email on the DB.

below are the settings used :

AWS Server with SSH Key
Aapanel Version 6.7.8 when accessed after 3 months. (now updated to 6.8.4)
no FTP Access.
NO other open access is given to anybody.

So team can you please help me out to check the DB logs (MariaDB 10.2.3) to find out the issues and also your team can help me to trace the logs. ?

This happened for the first time after almost 50+ Installations for last 1 year.

aaPanel_Jose

m3th3lesh

Hello, please provide the panel login information for me to check jose@aapanel.com

Stealth

It´s a Wordpress? Without security plugins is 0...

m3th3lesh

Stealth No it's not WordPress, its cs-cart e-commerce software and I know its more secured than WordPress.

m3th3lesh

aaPanel_Jose I have sent the email. Please do the needful.

aaPanel_Jose

thiagotgc m3th3lesh
Hello Sir

The following is the delete operation flow obtained after my analysis

Hackers delete the database through the /pma vulnerability

Create a hacker's table

In fact, this is because a function of panel 6.8.2 caused a security problem in phpmyadmin and 6.8.3 has been fixed

The database has been restored for you based on the binary log file

Please add a backup plan in Cron

thiagotgc

Please let us know what happened.

m3th3lesh

Thanks aaPanel_Jose , I really appreciate your Efforts and Responsilbity you took as a developer of this System. Secondly, This is the first time in my life of 10 years as an IT Company CEO none of the Hosting panel whether it's paid like Cpanel or free like other open-source panel teams never ever help us in such a scenario but in this case, @aaPanel_Jose and his team really did a good job. So I recommend aaPanel to Everyone who uses it or willing to use it.

KrzysztofMaciejewski

m3th3lesh agree! full pro support from Jose