MRatWork Forum by Mustafa Ramadhan

Sawo Project - Kloxo-MR Discussions => Kloxo-MR Technical Helps => Topic started by: jtaco263 on 2020-03-17, 06:35:48

Title: vps hacked
Post by: jtaco263 on 2020-03-17, 06:35:48
 my vps has been hacked with kloxo mr last version
my root password is strong and that didnt stopped the hacking
in minutes my traffic aumented to 170gbs and my space aumented to 76% of the total (aprox 120gb)
i had to kill the server and its offline to prevent cpu load and suspension
i just contacted my vps provider to get my backup of some files

i have been with kloxo mr since 2013 but i have to say goodbye because this cannot be happenning

i have a backup vps with same files but diferent control panel (vestacp) that im not having any problems

i checked the source of that files and traffic and comes from root folders

if someone know a posibiolity of this issue it wolud be great to share with me to see if theres any expploit or backdoor

thanks
Title: Re: vps hacked
Post by: juju on 2020-03-22, 20:56:34
There is your issue

-not disabling password authentication; use key
-not disabling root
-not changing default ssh port

Perhaps @mratwork can help with investigating but he has been inactive again...even forums is swamped by spam and no mods
Title: Re: vps hacked
Post by: jtaco263 on 2020-03-22, 23:38:14
hi i checked the issue is qmail queue,from nothing i had like 1.7 million mails in queue ,i  had to change to directadmin which my provider offers free license,i still have another kloxo install in my private vps which works without a problem