VDS hacked by an attacker.
Sorry about making another thread.
Today I was on the VDS and a message pops up that someone else has connected, and it kicked me off each time I tried to reconnect.
All I have done is enable FTP for FileZilla and webhosting, could it be any of those? I find it really frustrating, the attacker even closed my server and opened Server Manager but I don't think he did anything, he is no longer trying to connect.
I have stopped the running process webhosting in Server Manager.
Re: VDS hacked by an attacker.
The message occurs when someone has your remote desktop password and tries to log in.
In your control panel, block all traffic to port 3389.
Log in to your VDS using VNC.
Change your Windows user password.
Remove the firewall rule.
Have you added anyone else to the control panel? They may have been connecting without your knowledge.
Not a NFO employee
Re: VDS hacked by an attacker.
I went to the NFO Servers control panel > Firewall but I didn't see an option to block that specific port.
I'm changing the admin password right now.
I connected with VNC, and I see another user here.
Re: VDS hacked by an attacker.
You would need to create your own rule to block that port.
Example: Attached
You will also need to delete that user account while the port is blocked if it should not be there.
Not a NFO employee
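The containment steps from the replies above, done from inside Windows, as an added example that is not part of the original posts. It assumes an elevated PowerShell session opened over VNC, a Windows Server version that ships the LocalAccounts and NetSecurity modules (2016 or later), and uses Windows Firewall in place of the control-panel rule; `$expected` and the rule name are placeholders.

```powershell
# Added example: run elevated, from the VNC console session (not over RDP).
$expected = @('Administrator')       # assumption: the accounts you created yourself
$ruleName = 'TEMP-Block-RDP-3389'    # hypothetical rule name

# 1. Block inbound RDP while you clean up. Block rules override allow rules.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
    -LocalPort 3389 -Action Block | Out-Null

# 2. Enabled local accounts that are not on the expected list.
$unknown = Get-LocalUser |
    Where-Object { $_.Enabled -and $_.Name -notin $expected }
$unknown | Select-Object Name, LastLogon, PasswordLastSet, Description |
    Format-Table -AutoSize

# 3. Who currently holds administrator rights.
Get-LocalGroupMember -Group 'Administrators' |
    Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

# 4. Remote Desktop logons in the last 7 days
#    (Security event 4624, LogonType 10 = RemoteInteractive).
$since = (Get-Date).AddDays(-7)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } `
    -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$n.Name] = $n.'#text'
        }
        if ($data['LogonType'] -eq '10') {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                User   = $data['TargetUserName']
                Source = $data['IpAddress']
            }
        }
    } | Sort-Object Time | Format-Table -AutoSize

# 5. Disable each unexpected account (prompts per account); delete once reviewed.
foreach ($u in $unknown) {
    Disable-LocalUser -Name $u.Name -Confirm
    # Remove-LocalUser -Name $u.Name
}

# 6. Change your own password, then lift the temporary block.
# Set-LocalUser -Name 'Administrator' -Password (Read-Host -AsSecureString 'New password')
# Remove-NetFirewallRule -DisplayName $ruleName
```

The logon table in step 4 shows which account names and source addresses used Remote Desktop, which helps decide whether any account other than the new one was also used.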
Re: VDS hacked by an attacker.
Hi, I just logged into the attacker's account on my VDS.
And he's doing something with WAMP, one of the programs I installed.
Inside the index.php there's some encrypted text.
Re: VDS hacked by an attacker.
This is a good reminder to everyone not to install WAMP or XAMPP on a production server unless you really know what you're doing (and if you do know what you're doing.. you should be installing the applications directly anyway). We see far too many people who are immediately exploited like this when they do it.
You should back up your files and perform a wipe.
Re: VDS hacked by an attacker.
I didn't know this could happen just by installing software.
I uninstalled both WAMP server and XAMPP. I wanted to try hosting a website, that's why I installed them.
I uninstalled and changed password, am I safe now?
Anything I should turn off in Server Manager?
Anything else I should do?
Re: VDS hacked by an attacker.
Your safest bet would be to do as John suggested, and back up your game servers and do a reinstall of Windows. You will have the same IP address(es), so your players will be able to find you again when you're back online.
You could try to do a system restore, which would restore your OS to a previous state (you would lose any changes made to the OS/files after that point though).
Not a NFO employee
Re: VDS hacked by an attacker.
> preben wrote:
> Okay, I will do that.
> Is enabling FileZilla okay?

Yes
Not a NFO employee
Re: VDS hacked by an attacker.
> Edge100x wrote:
> This is a good reminder to everyone not to install WAMP or XAMPP on a production server unless you really know what you're doing (and if you do know what you're doing.. you should be installing the applications directly anyway). We see far too many people who are immediately exploited like this when they do it.
> You should back up your files and perform a wipe.

Edge,
Can you provide more details on this? I have WAMP running for my B3 database but I followed all your recommended security tips and only use FileZilla to transfer applications and install locally. Changed FTP and RDP ports as well.
Re: VDS hacked by an attacker.
> mikedbom wrote:
> > Edge100x wrote:
> > This is a good reminder to everyone not to install WAMP or XAMPP on a production server unless you really know what you're doing (and if you do know what you're doing.. you should be installing the applications directly anyway). We see far too many people who are immediately exploited like this when they do it.
> > You should back up your files and perform a wipe.
>
> Edge,
> Can you provide more details on this? I have WAMP running for my B3 database but I followed all your recommended security tips and only use FileZilla to transfer applications and install locally. Changed FTP and RDP ports as well.

It's really not just WAMP or XAMPP that are insecure; most pre-configured options are going to be insecure since they are not designed for a production environment. They were designed as a quick and easy way to do development and testing.
That doesn't mean they can't be secured, it just takes a bit more work to do so. Generally people that use those applications don't know what steps to take and in turn leave them unsecured indefinitely.
@Kraze^NFo> Juski has a very valid point
@Juski> Got my new signature, thanks!
@Kraze^NFo> Out of context!
@Juski> Doesn't matter!
@Juski> You said I had a valid point! You can't take it back now! It's out there!