Jump to content

Hacked last night

localrich

By localrich
in General Discussion

 Share

Recommended Posts

localrich Junior Member

localrich

Posted
Posted

First off I DO NOT think they got in via WHMCS, but WHMCS was the target.

 

These two IP's did the dirty work

61.5.46.167

125.160.192.154

cc.order@live.com

 

They changed one of the administartor passwords and added their gmail account it. They then created a new client and ordered 18 nodes of VPS services. Somehow they also requested the password for a client with a different email address than what is in the system. My guess is they gained MYSQL access through an outdated Joomla install on one of the subdomains we run :oops:

 

Luckily they goofed the password on the admin so I got the notice and was able to get their IP's blocked at the firewall update Joomla reset the users and admin password before they got much further. They persisted to try and get back in for 3 hours after they were blocked.

0
Link to comment
Share on other sites
easyhosting Senior Member

easyhosting

Posted
Posted
First off I DO NOT think they got in via WHMCS, but WHMCS was the target.

 

These two IP's did the dirty work

61.5.46.167

125.160.192.154

cc.order@live.com

 

They changed one of the administartor passwords and added their gmail account it. They then created a new client and ordered 18 nodes of VPS services. Somehow they also requested the password for a client with a different email address than what is in the system. My guess is they gained MYSQL access through an outdated Joomla install on one of the subdomains we run :oops:

 

Luckily they goofed the password on the admin so I got the notice and was able to get their IP's blocked at the firewall update Joomla reset the users and admin password before they got much further. They persisted to try and get back in for 3 hours after they were blocked.

 

If you still have the logs of their hack then report the IPs

 

61.5.46.167 report to abuse@telkom.net.id

http://whois.domaintools.com/61.5.46.167

 

125.160.192.154 report to abuse@telkom.net.id

http://whois.domaintools.com/125.160.192.154

0
Link to comment
Share on other sites
panacheweb Senior Member

panacheweb

Posted
Posted

what I do when I need subdomains for my hosting account such as my blog.. I make a new cpanel account that way I have security on my accounts.

 

for example blog.domain.com, secure.domain.com, and http://www.domain.com would be 3 seperate cpanel accounts using the one domain..

 

that way if you have an outdated joomla install.. like this you can just suspend the account yourself or gain control of it with an update and so forth.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept