My database just got hacked and the data deleted. See photo.

Yes, sure. It's not the case if DirectAdmin is installed with the help of an up-to-date version of the setup scripts. Unfortunately some users get DirectAdmin preinstalled on a VPS, and do not always change all the required passwords. And old installations and images might have a root@% user in MySQL as well as a badly configured /etc/my.cnf.

There shouldn't be any root@% users by default, so, even if 3306 is open, it shouldn't let anyone connect to localhost accounts.
 
I've seen this reported by multiple customers who had a very easy root password set for MySQL (or no password at all).


I found da_admin rather than root in /usr/local/directadmin/conf/my.cnf.
Do I need to take any action for root?
 
For those who are thinking some parts/configuration of phpMyAdmin were the door for such sh.. :mad:.

Try https://www.adminer.org/, simple and easy, a replacement for some. If you have doubts about phpMyAdmin, don't use it. However, don't use the default names/locations; it is then more hidden.

What makes you think Adminer is any safer than phpMyAdmin? :) In 2018 Adminer had a very bad vulnerability: https://www.cvedetails.com/cve/CVE-2018-7667/ - it was "remote", "Low complexity", and authentication was not needed to exploit it.

Often when a customer site is hacked, one of the first things the hacker does is to upload Adminer. It seems to be popular with hackers. Anyway, phpMyAdmin behind .htpasswd (default for DirectAdmin when phpMyAdmin is public) would be a much better and safer choice. Brute force is of no concern if you have strong passwords.
 
> What makes you think Adminer is any safer than phpMyAdmin? :) In 2018 Adminer had a very bad vulnerability: https://www.cvedetails.com/cve/CVE-2018-7667/ - it was "remote", "Low complexity", and authentication was not needed to exploit it.
>
> Often when a customer site is hacked, one of the first things the hacker does is to upload Adminer. It seems to be popular with hackers. Anyway, phpMyAdmin behind .htpasswd (default for DirectAdmin when phpMyAdmin is public) would be a much better and safer choice. Brute force is of no concern if you have strong passwords.

No, I don't think so, sorry.
Both have had their flaws. If I only want simple, I use Adminer: one file with some directory security, and I delete the file, or rename it (the extension), if not needed.

If, for other users, you can teach them how to use it, no complex tool is needed. But if there are a lot of users and an overall database tool is needed, the one that is already in the DA package is ok.. ;)

That is why it of course could be safer to use, while when it is not there, one couldn't abuse or even try brute force on it or on phpMyAdmin. Of course, because of that simple one file, that database tool is liked by more people, also of course hackers. (But it is not a hacker tool, of course.)
 
Thanks for all the answers and details..

For now I just use only the latest version of the DirectAdmin components, and take care to back up daily.
 
> I found da_admin rather than root in /usr/local/directadmin/conf/my.cnf.
> Do I need to take any action for root?


DirectAdmin uses the `da_admin` user. I don't know what you are up to. Anyway, strong passwords should be used, and port 3306 should be closed for untrusted IPs.
 
> DirectAdmin uses the `da_admin` user. I don't know what you are up to. Anyway, strong passwords should be used, and port 3306 should be closed for untrusted IPs.

I assume DA modifies the DB user if clients want to use "Access Hosts"... That said, what happens if they just put a "%" (related)? TBH, this shouldn't be allowed.

I open 3306 by default; this saves support time opening the port for IPs in CSF/etc.
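The two risks raised in this thread, old images carrying a root@% account or an empty password together with a badly configured my.cnf, and 3306 being reachable while a client's "Access Hosts" entry contains a bare "%", can be checked from the server itself. The script below is an added example written for this thread; it is not DirectAdmin's own code and it does not call DirectAdmin at all. It assumes you feed it the output of `mysql -N -e "SELECT user, host, authentication_string, plugin FROM mysql.user"` (tab-separated, one account per line) and the text of /etc/my.cnf; the sample rows and config fragments embedded here are constructed for the demonstration, and the function names are mine.

```python
"""Audit MySQL account hosts/passwords and the server's network exposure (example, not DirectAdmin code)."""
import configparser
from dataclasses import dataclass

# In mysql.user's host column '%' and '_' are LIKE-style wildcards and an empty host matches
# any client, so "root@%" is reachable from every address that can open port 3306.
def is_wildcard_host(host: str) -> bool:
    return host == "" or "%" in host or "_" in host

# Plugins where an empty authentication_string is legitimate (OS/socket auth, local only).
SOCKET_AUTH_PLUGINS = {"auth_socket", "unix_socket"}

@dataclass
class Finding:
    user: str
    host: str
    reason: str

def parse_user_rows(tsv: str) -> list[dict]:
    """Parse `mysql -N` tab-separated output: user, host, authentication_string, plugin."""
    rows = []
    for line in tsv.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        parts += [""] * (4 - len(parts))  # tolerate trailing empty columns
        user, host, auth, plugin = parts[:4]
        rows.append({"user": user, "host": host, "auth": auth, "plugin": plugin})
    return rows

def audit_accounts(rows: list[dict]) -> list[Finding]:
    """Flag accounts reachable from wildcard hosts and accounts with no password set."""
    findings = []
    for r in rows:
        if is_wildcard_host(r["host"]):
            findings.append(Finding(r["user"], r["host"], "wildcard host: reachable from any matching client"))
        if r["auth"] == "" and r["plugin"] not in SOCKET_AUTH_PLUGINS:
            findings.append(Finding(r["user"], r["host"], "empty password"))
    return findings

def network_exposure(my_cnf_text: str) -> str:
    """Classify whether [mysqld] in my.cnf listens only locally or on the network."""
    # configparser cannot parse '!include' / '!includedir' directives; drop them first.
    cleaned = "\n".join(l for l in my_cnf_text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(cleaned)
    if not cp.has_section("mysqld"):
        return "unknown (no [mysqld] section)"
    sec = cp["mysqld"]
    if "skip-networking" in sec or "skip_networking" in sec:
        return "local-only (skip-networking)"
    bind = (sec.get("bind-address") or sec.get("bind_address") or "").strip()
    if bind in {"127.0.0.1", "::1", "localhost"}:
        return f"local-only (bind-address={bind})"
    return f"network (bind-address={bind or 'unset, MySQL defaults to all interfaces'})"

# Constructed sample data: the shape of an old VPS image described in the thread.
SAMPLE_USER_ROWS = "\n".join([
    "root\tlocalhost\t*HASH1\tmysql_native_password",
    "root\t%\t\tmysql_native_password",            # root@% with no password
    "da_admin\tlocalhost\t*HASH2\tmysql_native_password",
    "webuser\t203.0.113.%\t*HASH3\tmysql_native_password",  # an "Access Hosts" wildcard
    "dbsock\tlocalhost\t\tauth_socket",            # empty string is fine for socket auth
])
EXPOSED_MY_CNF = "[mysqld]\nbind-address = 0.0.0.0\nlocal-infile=0\n"
HARDENED_MY_CNF = "!includedir /etc/my.cnf.d\n[mysqld]\nbind-address = 127.0.0.1\nlocal-infile=0\n"

if __name__ == "__main__":
    for f in audit_accounts(parse_user_rows(SAMPLE_USER_ROWS)):
        print(f"{f.user}@{f.host}: {f.reason}")
    print("exposed config:", network_exposure(EXPOSED_MY_CNF))
    print("hardened config:", network_exposure(HARDENED_MY_CNF))
```

Run it on real data by piping the `mysql -N -e ...` output into `parse_user_rows` and reading /etc/my.cnf into `network_exposure`; an account flagged as both "wildcard host" and "empty password" while the config reports "network" is exactly the combination the first reply in this thread describes. A netmask-style host such as `192.0.2.0/255.255.255.0` is not a wildcard by this definition and is left for manual review.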
 
> DirectAdmin uses the `da_admin` user. I don't know what you are up to.

He's referring to the fact that a root password also exists for MySQL in DirectAdmin. DirectAdmin uses da_admin, but this does not take away the fact that the root account also exists and can be used otherwise.

@zEitEr can you please answer this?
Check /usr/local/directadmin/scripts/setup.txt for the current MySQL root password. You can change that too if needed.
 