suddenly can not login: Username or Password wrong.1

Discussion in 'Installation/Configuration' started by skysky, Mar 20, 2020.

  1. skysky

    skysky New Member

    Hi

    I suddenly can not login ISPconfig 3 latest ver. recently I changed my CentOS root password, but I don't think it is related.

    I am very sure the user and password I input is correct, but I got this error: Username or Password wrong.1
    https://monosnap.com/file/xIMR5UjOfvW48wHOOCT8z1mc6nCDA9

    I tried the "lost password" button, but:
    The lost password function is not available for this user.

    what can I do?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Check that MySQL / MariaDB is started
     
  3. skysky

    skysky New Member

    Hi Till
    It's is running, and all website has no problem.
    # mysqladmin -umysql ping
    mysqld is alive
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you maybe alter the password of the ispconfig MySQL user?
     
  5. skysky

    skysky New Member

    ok, I found out the cause of the issue. the server was hacked again and the ispconfig DB data gone and showing: To recover your lost Database and avoid leaking it... send bitcoin to .....
    ........

    the exact hack to ispconfig DB happened in May 2019.
    https://www.howtoforge.com/communit...ogin-and-ftp-access-failed.82038/#post-389307
    last year, I already changed all password to very long and complicated one. but the same issue still happens this year. what else can I do?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess you have to examine the access.log files of your server and try to find out how this happened. Also take care that all programs that you use to access MySQL use SSL encryption e.g. phpmyadmin. Check if mysql is listening on the external network interface or localhost, if you don't need external access and it currently listening externally, change it to localhost. Another possibility is that a desktop system which is used by a system administrator has a trojan. Which CentOS version do you use, if it's CentOS 6, then you should consider upgrading to a current version. Of course, the issue could be a vulnerability in ISPConfig itself, but this is not very likely as we would see hundreds or thousands of similar issues here in the forum then, and that's not the case. So it's more likely that it's an issue specific to your system.
     
  7. skysky

    skysky New Member

    thanks for the advise. I am running centos 7 already. I am trying to check mysql config file to see if
    bind-address=127.0.0.1
    but when I vi /etc/mysql/my.cnf, it's empty.
    /etc/my.cnf ~/.my.cnf is ready only. why is that?

    # mysql --help | grep "Default options" -A 1
    Default options are read from the following files in the given order:
    /etc/mysql/my.cnf /etc/my.cnf ~/.my.cnf
     

Share This Page