Hi all. On September 6, I noticed that traffic on the site had dropped. Having accessed it, I realized that there were no files on it. The files on the server have been deleted and there are no backups or anything. What could be the problem and how to solve it?
If you do not have any backups, you’ll probably not get your files back. I have no idea what happened, it’s also impossible without analysing the server. Probably the easiest thing is to get a sysadmin to check your system, then also work on a backup concept.
how can this be done?
As I wrote in my post, or do it yourself, but you need to know how to open log files and understand them.
How can all your files be gone? It sounds like your server was hacked?
(post deleted by author)
I do a few things that I think help: I put all my servers behind the Cloudflare free plan so hackers never have visibility of the server IP, which greatly reduces the chances of anyone finding the server, so they cannot scan it for vulnerabilities; I add Wordfence on all websites so it blocks any malicious attacks like SQL injection and XSS; and I set up SSH access only to one IP via the host firewall and auto-update the server.
(post deleted by author)
From what I can see, my server is only running php-fpm for the backend.
This is ridiculous; the bug has been patched in 1.8.
It would require the “hacker” to have access to the by
1. abusing a known bug in WordPress
or
2. having access as a client
Then abuse the bug.
And he only has read access …
Hello Marcus!
Thanks for your reply.
Oops, did I miss something?
Is php-fpm safe to use on 1.8.x stable or on 1.9.x-alpha today? I was referring to the exploit reported by Mr. Smitka in the following thread here:
If yes, then I would be shocked, because there was someone who had uploaded one zip file on my VPS. There was no other framework-based project installed at this time. There were only simple PHP scripts installed on my non-commercial project that would not give any possibility to make changes in the php.ini, upload, etc.
But php-fpm was installed at the time of uploading. This was one month ago and I used HestiaCP 1.8.12. So if the exploit reported by Mr. Smitka was removed, i.e. patched, in this version, then I will have to be much more vigilant and check that out.
BTW, I have never ever used WordPress. Nor have I ever had clients or external people having any access on my VPS. The zip was uploaded on the domain running with Hestia version 1.8.12. Thus, I removed php-fpm and installed 1.9-alpha.
Yes, this bug, and yes, it has been patched in the current Hestia version. No need to uninstall php-fpm.
Hello Raphael!
Many thanks. I must have missed noting it.