[important]Exploit!

Did you put all those files you had uploaded to the new server on the LiveCD?

YES... I have an old computer that I use just for connecting to my site. I do not surf anywhere else with it or use it for anything else. It's basically stripped down with only onboard video (VGA), an old network card, no sound card, no hard drive, and only a DVD drive with 4 GB of RAM.

I boot up, I connect to my site, and then I shut down. Nothing else.

We also have no ads on our site.
 
What about your web host's staff consoles? If they have access to your server, the compromise could be from the web host's staff's PCs?
 
You'd better, to be safe, do some scanning of that box. Without a doubt the problem was on the user end and not the server end.

One of the admins on one of my sites had his home computer hit by a similar exploit a couple months ago. Used his account to drop malware on the server that would redirect users to a site and infect them. When I told him that it was his account that was hacked at first he didn't believe it. Then he scanned his box and sure enough he had a rootkit and keylogger on it. His scanner was up to date as was MalwareBytes and neither caught it. An online scan found it.
 
You'd better, to be safe, do some scanning of that box. Without a doubt the problem was on the user end and not the server end.

Scan what? No physical hard drive.

Live CD of Linux... i.e., temporary, in RAM. Shut down and it's all gone. Boot again, fresh start. That is how a Live CD works. It's like a fresh install every time you reboot.
 
What about your web host's staff consoles? If they have access to your server, the compromise could be from the web host's staff's PCs?
Hmm....

As this is a VPS which allows me to pick from pre-made images .....

.... You may be onto something......
 
