Hi, ISPConfig on my site has been running fine for a few months, and today I suddenly cannot log in as admin and all FTP access failed. I did not change any login password, and I don't know if this is hacked or just something broken. Even the login page looks different; I remember there was a logo on the page before. https://www.screencast.com/t/A9UDdWhBa My ISPConfig admin login page is only accessible by the IP I defined, so it's not likely to me that it can be easily hacked. I tried to reboot the server, still the same. I tried clicking forgot password for admin, but it shows: The lost password function is not available for this user. I can SSH into the server. What should I do now?
Make sure you are trying to access your server. For example, use the IP address in the browser address bar: https://11.33.55.99:8080. Or shut down your server and verify it stops responding. Read the logs to see what is happening when you try to log in. Maybe some service is not started? Since I do not know what operating system you are running, I do not know how to test that. This might work: Code: systemctl --state=failed Consider scanning your server for malware, for example with ISPProtect: https://ispprotect.com/ You can reset the admin password from an SSH session: https://www.faqforge.com/linux/cont...et-the-administrator-password-in-ispconfig-3/
Hi Taleman, thanks for the reply. I tried to run the update and got the error below: "Unable to read server configuration from database." I think this is related to the original issue, but all my sites are working fine so far. Operating System: CentOS 7.6 This application will update ISPConfig 3 on your server. Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]: Creating backup of "/usr/local/ispconfig" directory... Creating backup of "/etc" directory... Checking ISPConfig database .. Some tables where not 'OK'. Please check the list below. dbispconfig.WARNING note : The storage engine for the table doesn't support repair Press enter to continue or CTRL-C to cancel the installation .. Unable to read server configuration from database.
I suggest trying to repair that database with phpMyAdmin, for example. Or restore the dbispconfig database from backups from before this problem started. If you do not have database backups, install automysqlbackup so next time you have them. If automatic repair does not do the trick, it may be possible to repair it manually. It depends on in what way it is broken.
NO! The ISPConfig server is hacked, and all DB tables are gone. I got this message from the ISPConfig DB table: To recover your lost Database and avoid leaking it... send bitcoin to ..... I cannot change all sites' FTP logins. What should I do now?
There was recently a thread about the same crack with the same message in database tables. Use Internet search engines to find that. What I remember is it probably was an SQL injection attack. Without backups, my suggestion for recovery is to install a new server with ISPConfig, copy the websites and other stuff there, plus install that automysqlbackup so you do have database backups.
Is this a security issue of ISPConfig? I already blocked all IP access to the login except mine. How can they access it?
Like I wrote, SQL injection. Not an issue with ISPConfig, probably. Read that thread. But it was not discovered what vulnerability was used.
I don't think so and I don't think it was done via http(s) access. My guess is your ssh or mysql access was compromised due to your server vulnerabilities that can be exploited for such.
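A check related to the guess in the post above, added here as an example and not written by any poster in this thread: it reads `ss -tln` output and lists watched ports that listen on a non-loopback address, which are the ones worth confirming against the firewall rules. The default watch list (22 for SSH, 3306 for MySQL, 8080 for the ISPConfig panel) and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners: read `ss -tln` output on stdin and print "PORT ADDRESS"
# for every watched port bound to a non-loopback address.
# $1 (optional): space-separated ports to watch. Default is an assumption:
# 22 (SSH), 3306 (MySQL), 8080 (ISPConfig panel).
exposed_listeners() {
    awk -v watch="${1:-22 3306 8080}" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
        $1 == "LISTEN" {                        # skips the header line
            idx = match($4, /:[0-9]+$/)         # port follows the last colon
            if (idx == 0) next
            addr = substr($4, 1, idx - 1)
            port = substr($4, idx + 1)
            if (!(port in ports)) next          # not a port we care about
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port " " addr                 # reachable beyond localhost
        }'
}

# Constructed sample of `ss -tln` output (not taken from the server in this thread).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     127.0.0.1:3306      0.0.0.0:*
LISTEN 0      128    :::8080             :::*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
EOF
}

# On a live server: ss -tln | exposed_listeners
sample_ss_output | exposed_listeners
```

A port listed here may still be filtered by the firewall; the output only shows where the service itself is bound.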
After 10 days of the recovery, today I suddenly found out that I cannot open the ISPConfig login page. Somehow I always get ERR_CONNECTION_TIMED_OUT. I can log in as root and via FTP. All database tables look fine this time. All websites are running fine too. How can I troubleshoot?