My Site and Easyengine Hacked


#1

Hello,

My Site softonsolutions.in one more which is hosted on same ip and Easyengine Hacked.

even if i go to https://www.softonsolutions.in:59936/cache/redis/phpRedisAdmin/ showing the hacked page.

Please help me to resolve this.


#2

~# nginx -t nginx: [emerg] host not found in “default_server” of the “listen” directive in / etc/nginx/sites-enabled/22222:5 nginx: configuration file /etc/nginx/nginx.conf test failed


#3

I have restored my site, how to clean the files from easyengine directories ?


#4

Unless you really know what you’re doing and looking for, I really wouldn’t take chances with just attempting to clean a compromised system.

I’d backup and store the website(s) somewhere else, then create a fresh server (reinstall the OS), do the basic security-hardening steps, then install EasyEngine and whatever else you need to reinstall and run your WordPress site again.

Make sure to harden the security on your site as well to minimize chances of re-infection.


#5

@A_Rehman Its hard to check if Nginx directory is compromised. A simple way is to setup a new fresh server.


#6

I have scanned the whole server with Maldet. and found 2 hits, which is quarantine successfully, but still, I have a doubt in my mind about the entries.

I have requested my hoster to provide me a backup of mine VPS server, is it good to restore the entire backup ? Doing everything is a time to consume.

What is the best way to secure EasyEngine ?


#7
we have restored your server backup. We think that you became a victim of:

http://www.bleepingcomputer.com/news/security/hacked-redis-servers-being-used-to-install-the-fairware-ransomware-attack/

If you have any questions feel free to ask.
Have a nice day.

This is what I have received from my hosting provider.


#8

I just don’t understand how exploiters manage to access a REDIS server if the TCP port 6379 is blocked in firewall.

Your server has a firewall blocking all ports but 22, 80 and 443 for external access, right?


#9

Thanks janiosarmento, I really don’t know much about the EasyEngine. Can you show me how to check the blocking ports ?


#10

#11

Thanks, Correct the 6379 port is blocked, janiosarmento can you provide some guide or video tutorial to extend the security of VPS Server (EasyEngine) ?

I have installed the Wordfence to my WordPress and looking more to secure the WordPress too.

janiosarmento, Can i block the Port # 22, 22222 ?

Regards.


#12

IMHO WordFence is a lie, I don’t trust it.

If you block ports 22 and 22222 you won’t be able to access your server via SSH, neither you’ll be able to access administrative tools (I usually block 22222).


#13

Is it good practice to change auth port (22222)? How about changing the port 22 ?

As of now, I have dealt with so many retries on my wp-login.php and most of the attack has been blocked by Wordfence.

Can you suggest one, better than Wordfence, which will give the hardening security ?

Regards.


#14

WPS-Hide-Login

Rename your wp-login.php, and attackers won’t know where to go to force entrance.


#15

Thanks, I am using the one.

Please take a look in your spare time.


#16

Not a fan of WordFence the plugin exposes your server to public access. I had a test site compromised and found the source of the attack was through WordFence plugin.


#17

Set up an SSH auth key login include a passphrase. The private SSH key (the part that can be passphrase protected), is never exposed on the network. The passphrase is only used to decrypt the key on the local machine. This means that network-based brute forcing will not be possible against the passphrase. And I would do what janiosarmento suggested changing the wp-login.php so they can’t even attempt a brute force on WordPress login.


#18

Sounds good, Can you guide me how to do that ?

I have already changed the wp-login.php

Okay, Can you suggest me some other than wordfence ?

Regards.


#20

Connect to SSH DigitalOcean , you can use these tuts with other instances as the commands are the same with most Linux distributions.

Initial Server Setup for Ubuntu.

How to set up SSH Keys

How to create public/private keys using Putty. If your using a Mac you can use OpenSSH.

This information should get you in the right direction. I don’t know of any 3rd party security plugins that I would trust, also I want to correct myself from the above comment, not an SSH login, but a SSH key Authentication with a passphrase.


#21

This post was flagged by the community and is temporarily hidden.