How to change all passwords, after suspected hack?

[burek]

Hi,

First of all, let me say this is the great product you are developing and thank you all guys for your effort with all this.

Now, I've installed the ISPConfig 3, upgraded it to the latest version (3.0.3) and everything was working fine, until I've realized someone has been changing stuff (probably because several people knew the root password for shell).

I've decided to change ALL passwords, that would be:
1. root shell password
2. mysql root password
3. admin password for ispconfig control panel
4. mysql password for "ispconfig" user

The first 3 changes were done easily, but the number 4 gave me headaches.. I had to do a grep for the old password (searching by file contents on entire disk..) to be able to find all files that contain this password and I'm still not sure if I've changed all of them (because the grep command was working more than 24h and still wasn't finished and I had to stop it).

So, I've got a question and a suggestion. The question is: Is there any easy (preffered) way to change the password number 4?
The suggestion is to put this password into ISPConfig's config file only. Or to put it into a single isolated file, which will be just included by all the other files, that need this password.

Cheers.

[giftsnake]

try

Code:

/usr/local/ispconfig/server/lib/mysql_clientdb.conf

[burek]

Quote:

Originally Posted by giftsnake

try

Code:

/usr/local/ispconfig/server/lib/mysql_clientdb.conf

Thanks for the help giftsnake. But I think you are reffering to the mysql 'root' password and not the mysql 'ispconfig' password (number 4 in the list).

[yoplait]

It isn't in mysql also ?
By using phpmyadmin, for example, and change de user ispconfigdb password ?

[till]

The password of the ispconfig user is in a lot of files as it is used by many services to connect to mysql. The exact locations of the files may vary depending on the Linux distrubution.

/usr/local/ispconfig/server/lib/config.inc.php
/usr/local/ispconfig/interface/lib/config.inc.php
The files with mysql in the name in the /etc/postfix/ directory
The sql file in the /etc/pure-ftpd directory.
The mydns.conf file in /etc/ or /etc/mydns/ if you use mydns on that server.
The courier authdameon file in /etc/courier or the dovecot sql file in /etc/dovecot.
The amavisd.conf file or 50-user file of avamisd in /etc/amavisd/ or a subdirectory of it.
The pam_smtp file in /etc/pam.d/ if you use courier.
The vlogger-dbi configuration file in /etc

[burek]

Quote:

Originally Posted by till

The password of the ispconfig user is in a lot of files as it is sued by many services to connect to mysql. The exact locations of the files may vary depending on the Linux distrubution.

/usr/local/ispconfig/server/lib/config.inc.php
/usr/local/ispconfig/interface/lib/config.inc.php
The files with mysql in the name in the /etc/postfix/ directory
The sql file in the /etc/pure-ftpd directory.
The mydns.conf file in /etc/ or /etc/mydns/ if you use mydns on that server.
The courier authdameon file in /etc/courier or the dovecot sql file in /etc/dovecot.
The amavisd.conf file or 50-user file of avamisd in /etc/amavisd/ or a subdirectory of it.
The pam_smtp file in /etc/pam.d/ if you use courier.
The vlogger-dbi configuration file in /etc

Yes, that's what I needed. Thanks a lot.