I've been running this ISPConfig system for a few years couple of years now. It was build using the perfect setup guides. Current version is 2.2.18 and OS is Ubuntu gutsy 7.10. I've had it running without any problems. However yesterday I was informed one of the website had been hacked. So tried to login to the server and could not login using root. Logged in using my own account and then changed the root password. Found out 3 websites in total had been hacked. index files had been replaced. Restored from backup. I checked the logs and did see some thing called morpheus fu****g scanner mentioned. I know I have not updated the system in a long time and will be looking to do this ASAP but for the time being any advice what should I do from this happening again. ? especially the worry is how did they manage to change the root password ? I am no expert on linux and this was my first and only project with it so please bear with me. Thanks in advance.
I guess this has nothing to do with ISPConfig, but with leaks in your web applications. The safest thing to do would be to set the system up again from scratch because you never know what else the hackers changed.
