Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st April 2006, 16:34
MvincM MvincM is offline
Member
 
Join Date: Apr 2006
Posts: 62
Thanks: 1
Thanked 4 Times in 2 Posts
Default Are there any security bugs?

Hi,

Maybe it is coincidence but...

After installling ISP my server was hacked. Server was update regulary and for at least 1 yesr everything was ok (no bad guys).

And suddenly afert installing ISP server get hacked.

Are you know some security hole? What happened? Any ideas?

Thanks in advanced!

Best regards,
MvincM
Reply With Quote
Sponsored Links
  #2  
Old 21st April 2006, 17:13
falko falko is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,744 Times in 2,577 Posts
Default

There are no known security bugs in ISPConfig.
Did you change the ISPConfig admin password immediately after installation?
Do you know how you got hacked?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st April 2006, 17:33
MvincM MvincM is offline
Member
 
Join Date: Apr 2006
Posts: 62
Thanks: 1
Thanked 4 Times in 2 Posts
Default

Yes. I did

They (he) log in to my server from:

user-12hdje2.cable.mindspring.com (but it could be fake)

reboot server and change my root password - so now I can't even login to root account and trace them and search for rootkit or sth... Server stay in Datacenter...

I have shell access but only for normal user...

"last" command display:

root pts/0 user-12hdje2.cab Fri Apr 21 03:08 - 03:08 (00:00)
root pts/0 205.209.190.19 Fri Apr 21 03:05 - 03:05 (00:00)
reboot system boot 2.6.8-3-686 Fri Apr 21 02:44 (14:46)

I can't figure out how they do that... I'm preaty sure I don't have any keylogger on my PC so I don't know...

Any ideas???

Best regards,
MvincM
Reply With Quote
  #4  
Old 21st April 2006, 17:54
MvincM MvincM is offline
Member
 
Join Date: Apr 2006
Posts: 62
Thanks: 1
Thanked 4 Times in 2 Posts
 
Default

FAKE ALERT !!!

Just imagine !!! that Datacenter staff reboot my server, change my root password from console (in single mode) - not saveing the previous one.

All these things were made without informing the client (me) !!!

I have inform them about server hacking and then they remind to inform me about all this mess... In my opinion something is wrong with customer care in this company...

Thanks a lot for your interesting.

End of Topic.

MvincM
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Anything Security Related sbovisjb1 Forum Suggestions 2 6th April 2006 16:55
ISPConfig Security - Firewall cybereatl Installation/Configuration 5 2nd April 2006 17:02
Possible security problem bjmg General 2 15th March 2006 18:33
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47
ProFTPD potential security hole domino Server Operation 3 19th August 2005 03:25


All times are GMT +2. The time now is 13:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.