server with ISP3 got hacked?

Discussion in 'General' started by abubin, Apr 13, 2011.

Thread Status:
Not open for further replies.
  1. abubin

    abubin New Member

    Something very strange just happened on my server. This server is running ispconfig 3.0.3.

    This server has been running for quite some time already. I just created a new website and ftp access. Around couple hours later, I checked the website and found strange files in the root folder of the web. Eg, /var/www/sites/web55/ a file called newstand.tgz and folder called newstand. In that folder I think it is drupal software but then I removed it. I then moved the newstand.tgz into the web folder thinking it was uploaded wrongly by the web team.

    However upon asking, nobody uploaded the files. Someone pointed out the newstand.tgz files is actually a joomla software files. I checked and it is joomla. So maybe the folder that I removed is joomla or drupal. No sure cause I already removed the folder.

    Also, the FTP user I created have the home directory in /var/www/sites/web55/web which I specified. Cause I was afraid the web team will upload the files into wrong place.

    Could it be possible that the server is compromised? I have checked the ftp logs and system logs but nothing is found. Anyone have any suggestions?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does not look as if this is related to ispconfig 3.

    Does the site contain a Drupal cms system? If yes, make sure that it is the latest version of Drupal and that no vulnerable addons are installed.
     
  3. abubin

    abubin New Member

    sorry..false alarm. Found out it is someone from out of office who did that with our root password.

    Dang!! scared the shit out of me.

    Sorry for the false alarm.

    till, please close this thread or delete if you want.
     
    Last edited: Apr 13, 2011
Thread Status:
Not open for further replies.

Share This Page