How to change all passwords, after suspected hack?

Discussion in 'Installation/Configuration' started by burek, Oct 15, 2010.

  1. burek

    burek New Member

    Hi,

    First of all, let me say this is the great product you are developing and thank you all guys for your effort with all this.

    Now, I've installed the ISPConfig 3, upgraded it to the latest version (3.0.3) and everything was working fine, until I've realized someone has been changing stuff (probably because several people knew the root password for shell).

    I've decided to change ALL passwords, that would be:
    1. root shell password
    2. mysql root password
    3. admin password for ispconfig control panel
    4. mysql password for "ispconfig" user

    The first 3 changes were done easily, but the number 4 gave me headaches.. I had to do a grep for the old password (searching by file contents on entire disk..) to be able to find all files that contain this password and I'm still not sure if I've changed all of them (because the grep command was working more than 24h and still wasn't finished and I had to stop it).

    So, I've got a question and a suggestion. The question is: Is there any easy (preffered) way to change the password number 4?
    The suggestion is to put this password into ISPConfig's config file only. Or to put it into a single isolated file, which will be just included by all the other files, that need this password.

    Cheers.
     
  2. giftsnake

    giftsnake New Member

    try
    Code:
    /usr/local/ispconfig/server/lib/mysql_clientdb.conf
     
  3. burek

    burek New Member

    Thanks for the help giftsnake. But I think you are reffering to the mysql 'root' password and not the mysql 'ispconfig' password (number 4 in the list).
     
  4. yoplait

    yoplait Member

    It isn't in mysql also ?
    By using phpmyadmin, for example, and change de user ispconfigdb password ?
     
  5. till

    till Super Moderator

    The password of the ispconfig user is in a lot of files as it is used by many services to connect to mysql. The exact locations of the files may vary depending on the Linux distrubution.

    /usr/local/ispconfig/server/lib/config.inc.php
    /usr/local/ispconfig/interface/lib/config.inc.php
    The files with mysql in the name in the /etc/postfix/ directory
    The sql file in the /etc/pure-ftpd directory.
    The mydns.conf file in /etc/ or /etc/mydns/ if you use mydns on that server.
    The courier authdameon file in /etc/courier or the dovecot sql file in /etc/dovecot.
    The amavisd.conf file or 50-user file of avamisd in /etc/amavisd/ or a subdirectory of it.
    The pam_smtp file in /etc/pam.d/ if you use courier.
    The vlogger-dbi configuration file in /etc
     
    Last edited: Oct 16, 2010
  6. burek

    burek New Member


    Yes, that's what I needed. Thanks a lot.
     

Share This Page