All Site passwords changed

[wstream]

Hi All

I need some info and help

We have a dedicated server witha handfull of joomla sites and 1 wordpress site.

last night we had the wordpress site hacked.

As a result all other sites that are joomla had their user table - user passwords chaged and privelages changed to superadmin.

Whats puzzling me is how they were able to change passwords on other databases in the same server.

At worst they could have got hold of the DB password for the wordpress database but not the others.

so how would they have changed the data on the other db's

In order to protect against this happening again ill need to determin the route taken.

Any help or pointers greatly appreciated.

Thanks

Ash

 

[cPanelMichael]

Hello

I have moved this thread to the "Security" forum. You should receive more user feedback here. Also, the following thread may be helpful:

My dedicated server hackers can drop database tables

Thank you.

 

[quizknows]

You got hit with a symlink hack.

http://forums.cpanel.net/f185/solutions-handling-symlink-attacks-202242.html

In short, a hacker can use a default cPanel/WHM/Apache setup to get read access to everyones configuration.php files. With that they have all the SQL usernames/passwords to change the admin tables.

I suggest cloudlinux with securelinks, or at least SuPHP with the EasyApache "Symlink Race Condition" protection.

 

[wstream]

Hi Michael - thanks for the move

Quizknows - thanks for the reply - yup looks like thats what happened - have applied RUID2 and JailShell

Thanks again guys

Ash