Hi
I have a VPS server for my web design clients. I've so far only ever had one account hacked recently. My server provider informed me that they had received "abuse emails relating to one of your IP addresses".
I investigated using maldet and the maldet report showed that multiple PHP files had been infected and were being used to try and login into other servers/website by way of remote bruteforce from my IP. I have since suspended the account from within Directadmin. This site was running Wordpress, and the Wordpress theme or one of the plugins seems to be an issue, because it was hacked about a year ago, and I had to do a complete reinstall of the website for the same client. Its possible that the clients' Wordpress account was compromised, as they travelled abroad at the time of the account being hacked and used several Internet cafe's during that trip. Also, I am not sure that the client was using a safe non-dictionary password on the Wordpress account. Note, the DIrectadmin account was controlled by me and was very complex, so I believe that it was only Wordpress PHP files that were infected.
Regardless... I would like to un-suspend the account so I can do some work on fixing the infected Wordpress files, but don't want the account to have access to resources that would mean my IP being reported during that time.
Does anyone have any suggestions as to how to go about this?
Kind regards
I have a VPS server for my web design clients. I've so far only ever had one account hacked recently. My server provider informed me that they had received "abuse emails relating to one of your IP addresses".
The attackers used the method/service: *bruteforcelogin* on:
I investigated using maldet and the maldet report showed that multiple PHP files had been infected and were being used to try and login into other servers/website by way of remote bruteforce from my IP. I have since suspended the account from within Directadmin. This site was running Wordpress, and the Wordpress theme or one of the plugins seems to be an issue, because it was hacked about a year ago, and I had to do a complete reinstall of the website for the same client. Its possible that the clients' Wordpress account was compromised, as they travelled abroad at the time of the account being hacked and used several Internet cafe's during that trip. Also, I am not sure that the client was using a safe non-dictionary password on the Wordpress account. Note, the DIrectadmin account was controlled by me and was very complex, so I believe that it was only Wordpress PHP files that were infected.
Regardless... I would like to un-suspend the account so I can do some work on fixing the infected Wordpress files, but don't want the account to have access to resources that would mean my IP being reported during that time.
Does anyone have any suggestions as to how to go about this?
Kind regards
