cunning river
So I guess my panel was breached and new servers and users were added. I’m guessing it has to do with #announcements message
Since I was on an old version of the panel.
I updated my panel to the latest and deleted all users and servers I didn’t recognize. Is there anything else I should do? Regenerate any keys or tokens?
dusty rapids
So I guess my panel was breached and new servers and users were added. I’m guess...
They have full machine access
So anything you do should have that in mind
cunning river
They have full machine access
How would they have that? When I logged into Termius the last login date and ip was mine. No one else was in that
dusty rapids
How would they have that? When I logged into Termius the last login date and ip ...
Dont need ssh
The exploit gave them full access to the entire machine
It let them run any code
cunning river
So by doing this update to 1.11.11 won’t fix this issue and what they done/have?
hexed scaffold
updating doesnt magically revert changes they made. There isnt really a way to know for certain what they did outside of the panel.
cunning river
Gotcha okay thank you. I reverted and deleted everything I saw that was different and added by them. Do you recommend changing any tokens or keys backend that may help
vapid junco
How would they have that? When I logged into Termius the last login date and ip ...
The exploit is able to get shell thru php lfi => it wont be added into last log
vapid junco
Gotcha okay thank you. I reverted and deleted everything I saw that was differen...
If they had shell id wipe whole os and restore user data from backup