Phishing attacks on multiple user accounts
Hi there,
I have a CentOS server with 60+ user accounts. Most of them have phishing content in random files and directories. I am not sure how to scan the whole server or home directory to detect the phishing content.
Is there a way to handle this?
The second issue is, it seems that most of my users are using WordPress, Joomla, etc., and that seems to be the main cause. The admin logins are compromised and a hacker has uploaded phishing content. So is there a way to change the password of all the copies of Joomla and WordPress on my server? I mean a quick SQL to run directly on MySQL and change passwords.
Please advise.
Thanks
-
Joomla and WordPress applications should be updated to the latest version. Not only the applications, but you should update the plugins and themes too. Secure Joomla and WordPress as much as possible with the help of the URLs below:
[url=http://docs.joomla.org/Security]Security - Joomla! Documentation[/url]
[url=http://codex.wordpress.org/Hardening_WordPress]Hardening WordPress « WordPress Codex[/url]
As far as the default login is concerned, I suggest you use a different CMS user other than admin for both WordPress and Joomla.
[quote="storminternet, post: 1650142"]Joomla and WordPress applications should be updated to the latest version. Not only the applications, but you should update the plugins and themes too. Secure Joomla and WordPress as much as possible with the help of the URLs below:
[url=http://docs.joomla.org/Security]Security - Joomla! Documentation[/url]
[url=http://codex.wordpress.org/Hardening_WordPress]Hardening WordPress « WordPress Codex[/url]
As far as the default login is concerned, I suggest you use a different CMS user other than admin for both WordPress and Joomla.[/quote]
Thanks. The problem is, these sites are not owned by me. They belong to the clients, and even after several notices, the clients won't upgrade. What should be done?
Depends on your terms and conditions really. You'll get the most love* by offering to walk clients through the process of fixing the issue, but you could also argue that they are technically allowing malicious third-party access to their account by not upgrading their software, and this is grounds for you disabling or removing their unpatched CMS. However, I do note you state most of your accounts are afflicted; are you sure that you've not been hit by a symlink attack or similar?
* Amount of love received in return may not equal amount of time invested
Hello :) In addition to the advice from the other posters here, you may also want to search for "wordpress" in the "Security" forum here. There are several results discussing how to handle WordPress attacks/exploits. Thank you.