How to change all passwords, after suspected hack?
First of all, let me say this is the great product you are developing and thank you all guys for your effort with all this.
Now, I've installed the ISPConfig 3, upgraded it to the latest version (3.0.3) and everything was working fine, until I've realized someone has been changing stuff (probably because several people knew the root password for shell).
I've decided to change ALL passwords, that would be:
1. root shell password
2. mysql root password
3. admin password for ispconfig control panel
4. mysql password for "ispconfig" user
The first 3 changes were done easily, but the number 4 gave me headaches.. I had to do a grep for the old password (searching by file contents on entire disk..) to be able to find all files that contain this password and I'm still not sure if I've changed all of them (because the grep command was working more than 24h and still wasn't finished and I had to stop it).
So, I've got a question and a suggestion. The question is: Is there any easy (preffered) way to change the password number 4?
The suggestion is to put this password into ISPConfig's config file only. Or to put it into a single isolated file, which will be just included by all the other files, that need this password.