2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs

Pagoda Panel has slipped up badly: there is a major vulnerability, many sites have had their data deleted, and an emergency update patch has just been released!

On August 23, 2020, a serious security incident involving Pagoda Panel came to light. This time it was not a backdoor problem, but a database unauthorized access vulnerability. Anyone could enter phpMyAdmin with root privileges without authentication: opening the server's IP or domain name on port 888 at /pma (IP or domain name:888/pma) led straight into phpMyAdmin. As a result, many website databases have been tampered with or wiped outright, which can be said to be a heavy loss!

The picture below shows the database unauthorized access vulnerability found on a server running the Pagoda Panel software:


The picture below shows the Alibaba Cloud Prophet’s reminder:


Actual reason:

The cause lies in the secure access module for phpMyAdmin: when the phpMyAdmin database management software is installed through Pagoda Panel, no username or password is required to manipulate the database.

Affected versions:

Pagoda Linux version 7.4.2

Pagoda Linux test version 7.5.14

Pagoda Windows version 6.8

Emergency solution:

1. It is recommended to change port 888 and block access to phpMyAdmin in the firewall.

2. If you suspect that your database has been touched by others, check the access.log under /www/wwwlog for requests from remote IPs, and check the nginx access records for the port. If there are such records, it is recommended to restore to yesterday's state or an earlier version, to avoid privilege escalation.

3. Change all passwords.

4. Backup, backup, backup, you must always back up your website data regularly!
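
The log check in step 2, as an added example (not from the original article or from Pagoda Panel): it scans nginx access-log lines for answered requests under /pma that came from non-local client IPs. The "combined" log format, the list of local ranges, and the sample lines are assumptions; pass the real log path as the first argument.

```python
import ipaddress
import re
import sys
from collections import defaultdict

# Assumes nginx's default "combined" log format; adjust for a custom log_format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# Clients in these ranges are treated as local (loopback and RFC 1918).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def is_remote(ip):
    """Return True unless ip parses as an address inside LOCAL_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable client field: keep it in the report
    return not any(addr in net for net in LOCAL_NETS)

def pma_hits(lines, prefix="/pma"):
    """Group answered (2xx/3xx) requests under prefix by remote client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if path != prefix and not path.startswith(prefix + "/"):
            continue  # e.g. /pmaster.html is not phpMyAdmin
        if m["status"][0] in "23" and is_remote(m["ip"]):
            hits[m["ip"]].append((m["ts"], m["method"], m["path"], m["status"]))
    return dict(hits)

# Constructed sample lines (documentation-range IPs), not from a real server.
SAMPLE = [
    '203.0.113.7 - - [23/Aug/2020:14:02:11 +0800] "GET /pma/ HTTP/1.1" 200 4312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [23/Aug/2020:14:02:40 +0800] "POST /pma/index.php HTTP/1.1" 200 981 "-" "Mozilla/5.0"',
    '127.0.0.1 - - [23/Aug/2020:14:05:00 +0800] "GET /pma/index.php HTTP/1.1" 200 4312 "-" "curl/7.61"',
    '198.51.100.20 - - [23/Aug/2020:15:10:09 +0800] "GET /pma/ HTTP/1.1" 403 146 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [23/Aug/2020:15:11:00 +0800] "GET /pmaster.html HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # Pass the port-888 access log path as argv[1]; without it the sample is used.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    for ip, reqs in pma_hits(lines).items():
        posts = sum(1 for r in reqs if r[1] == "POST")
        print(f"{ip}: {len(reqs)} requests, {posts} POST, {reqs[0][0]} .. {reqs[-1][0]}")
```

POST requests from a remote IP deserve the closest look, since they are the ones that can have changed data.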

Attachment: Major security vulnerability accident of Pagoda panel! Webmasters need urgent security updates (with plan)

PHP Chinese website reminds webmasters who use Pagoda Panel to take security measures as soon as possible to prevent attacks on this vulnerability!

The security module newly added in 7.4.2 is what allows direct entry without authentication. For components like phpMyAdmin, another long-established and well-known server management tool, Xiaopi Panel, has thought this through very carefully. I hope the developers of all major integrated server environment software will always hold the security of the server environment in awe and use technical means to prevent this from happening again!
