Long ago, Lao Wei saidDo not use the pagoda cracking version and happy version, but someone was greedy, which led to the server being opened and invaded. What's more, this brother went to findTower panel officialsolve.Now let's talk about the context of this matter in Weieis' notes.
On January 5, someone found that his server had an additional login account. The login status was Successful.Go to ask the official customer service staff of the pagoda.
On January 6, after being inquired by pagoda officials, they learned that the pagoda panel had executed a cracking script. They found that three pagoda authentication files and/etc/init.d/bt startup files in the server had been illegally tampered with.
ThenPagoda Official Forum(Click here to see the official announcement) Announced the details of this event, and posted the panel login log, recording the log records of the intruder's login failure and success.
The troubleshooting panel database found that an additional user was added to the user table.This is the user who invaded the server.
2. Official advice on pagoda panel
Free version of pagoda panelThe function basically meets the user's needs. Do not execute the third-party cracking script or install the happy version. At that time, I was very happy, but I was not happy when I was invaded later.
3. What should I do if I am using the cracked version/happy version
If you are using the cracked version/happy version, please go to Pagoda Panel>Security>Panel Operation Log immediately according to the official prompt to check whether there is any suspicious user name other than your own user name.
If found, immediately back up the website files, and use the free version of Pagoda to redeploy the clean site environment.
If the operation log is cleared, please directly back up the website and reinstall the free version of the pagoda panel.
4. Lao Wei's opinion
Don't be greedy. Don't execute the cracked version/happy version installation script on your own server. There may be security risks. If no Trojan virus is found, the server will become someone else's chicken someday later, which will seriously affect the normal operation of websites, applications and other businesses.
In order to save some money and bring huge security risks to your business, it's really not worth it.
Free is the most expensive, always remember this sentence!
The free version of the pagoda also has onePagoda panel free version Nginx firewallIt is available for use, and is constantly being upgraded and updated. It is also much less risky than those cracked and happy versions.
Article name: The Back Door of the Server Is Intruded Due to the Open Center Version of the Pagoda Panel Cracking Version Article link:https://www.vpsss.net/27960.html Copyright notice: The resources of this website are only for personal learning and exchange, and are not allowed to be reproduced and used for commercial purposes, otherwise, legal issues will be borne by yourself. The copyright of the pictures belongs to their respective creators, and the picture watermark is for the purpose of preventing unscrupulous people from stealing the fruits of labor.
