2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs
- PHPzOriginal
- 2020-08-24 10:11:3014546browse
The pagoda has overturned, there are major vulnerabilities, many sites have been deleted, and an emergency update patch has just been released!
On August 23, 2020, Pagoda Panel was exposed to a serious security incident. This time it was not a backdoor problem, but a database unauthorized access vulnerability. The public You can directly enter phpmyadmin with root authority without authentication. IP or domain name address: 888/pma can directly enter phpMyAdmin. As a result, many website databases have been tampered with or the databases have been directly cleaned up, which can be said to be a heavy loss!
The picture below shows the unauthorized access vulnerability to the database that was discovered after using the Pagoda panel server software
The picture below shows the Alibaba Cloud Prophet’s reminder:
Actual reason:
The reason for the secure access module of phpmyadmin is that no username or password is required when the phpmyadmin database management software is installed on the pagoda panel. Manipulate the database.
Affected versions:
Pagoda Linux version 7.4.2 version
Pagoda Linux test version 7.5.14 version
Pagoda Windows version 6.8 version
Emergency solution:
1. It is recommended to change port 888 and disable phpmyadmin’s access rights in the firewall.
2. If you suspect that your database has been touched by others, you can check the access.log under /www/wwwlog (whether it is a remote IP) and check the nginx port access record. If there is a record, it is recommended to restore it. Until yesterday, or previous versions, to avoid privilege escalation.
3. Change all passwords.
4. Backup, backup, backup, you must always back up your website data regularly!
php Chinese website reminds webmasters who use Pagoda panels to take security measures as soon as possible to prevent vulnerability attacks!
7.4.2 The newly added security module causes direct entry without authentication. For things like phpma, another old and well-known server management software Xiaopi Panel has considered it very thoughtfully. I hope all major servers Integrated environment software developers should always be in awe of the security of the server environment and use technical means to try to prevent it from happening again!
The above is the detailed content of 2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs. For more information, please follow other related articles on the PHP Chinese website!