URGENT: expert advice from you guys would be so, so helpful

We just restored a backup... now the entire /public_html folder is deleted again. In short, I am fighting against an intruder and need help finding the gap where he gets in.

Most shocking of all, the intruder is also able to use my local IP, which allows him to log in to our application! See attached screenshot.

It feels strange to see this link...
http://franklula.com:2082/cpsess3176244840/3rdparty/phpMyAdmin/index.php

I have a dedicated server and a dedicated IP, have also purchased an SSL certificate, and of course have CSF installed. What else can I do to STOP such an attack?

  • Milan

    Hello Steven,

    Sorry to hear about your issues. :slight_smile:

    I am breaking this large question into bits, so we can go bit by bit and answer your question well. :slight_smile:

    Entire /public_html folder is deleted again

    Mostly this can only be done if there is some code that has the privilege to edit files on the server, and such code is injected by some third-party intruder. Another possible cause is that your FTP credentials are compromised.

    Intruder is also able to use my local IP, which allows him to log in to our application

    There are some techniques through which this can be possible, but instead of going into understanding those techniques, my best advice to you is to contact your hosting provider as soon as possible and let them know about the seriousness of this issue.

    What else can I do to STOP such an attack?

    There are plenty of things you can do for security. When the term security is uttered, we normally tend to think that it's only related to the site. But security is a very broad term and can be applied in any small context. (Even in our everyday life we make sure that we keep our important things secure.) I am giving you this explanation because it helps you to understand how important it is and how strongly it's rooted in our daily life.

    So I suggest you first ask your hosting provider about this. As far as I know, they will have strong mechanisms for preventing this and different upgrades for security improvements. And also, please ensure that your credentials are strong in terms of security.

    With Gratitude and Warmest Regards,
    Milan Savaliya

  • Adam Czajczyk

    Hello Steven,

    I hope you're well today!

    The structure of the link to your phpMyAdmin page is determined by the server configuration that was set up by your hosting provider. Such "strange" URLs are quite common. On my own test server the phpMyAdmin URL is similarly complex. In case you have doubts about whether it's a proper link, I think you may want to get in touch with your hosting provider directly, and I'm sure they'll be able to either explain better why it is this way or correct it for you.

    Best regards,
    Adam