default sql: INSERT INTO users
(id
, username
, password
, login_ip
, login_time
, phone
, email
) VALUES
(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');
Hacking attacks with and through aaPanel
CQT what is that? what are you saying ?
KrzysztofMaciejewski <div class = "copyright"> Copyright © 2014-2099 <a href=" http://www.bt.cn "target=" blank"> {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} (<a href=" http://www.bt.cn "target=" blank"> www.bt.cn </a>) Alle Rechte vorbehalten </ div>
( {{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}} )
=Keylogger
And this line creates a user in the DB, like 287962566@qq.com, which is not deleted. Thus, the user has constant access to aaPanel
default sql: INSERT INTO users (id, username, password, login_ip, login_time, phone, email) VALUES
(1, 'admin', '21232f297a57a5a743894a0e4a801fc3', '192.168.0.10', '2016-12-10 15:12:56', 0, '287962566@qq.com');
I can't say yet and I won't, but the lines make me think! First I want to have a statement from aaPanel_Jose, it can also be corpses, but why should one leave such corpses. In addition, we have not yet examined the entire script
due to code is open on github we can invite pentesters to check vulnerabilities and tracking info i know few blackhat hackers i will invite them to do a pentest the web application
CQT
emmm, this is the file used when the database is initialized or the database is damaged. It will not be automatically called and needs to be executed manually.
In addition, It is impossible for us to collect user login information. We take the privacy of each user very seriously
The development of the shielding country function of the system firewall is nearing completion. Will be released soon~
thank you Jose for the answer.
What about this line?
<div class="copyright">Copyright © 2014-2099 <a href="http://www.bt.cn" target="_blank">{{data['lan']['BT']}}</a>{{data['lan']['PS1']}}(<a href="http://www.bt.cn" target="_blank">www.bt.cn</a>) All Rights Reserved</div>
{{data ['lan'] ['BT']}} < / a> {{data ['lan'] ['PS1']}}
CQT
This is a front-end template for python, is there any problem?
CQT I only see a copyright footer or notice in there, nothing else refers to any "hacking" as stated in the forum topic tittle tho...
- Edited
This makes me think that CQT is talking ...
idflorin
Discussing things about security is only good and no harm for aaPanel, whether it is correct or not
aaPanel_Jose thumbs up to that!!!
- Edited
On some level, we need to find out why these servers are being attacked like this. I have one that I fired up today's ago, not shut down my OVH because of the non-stop attacks.
So what are the footprints that are being targeted? Why are they going so hard after this panel. I had Virtualmin on this before this, no problem for years. Now with aapanel, in two days it gets shut down by my provider. I can't even get to it to move the websites. :-(
https://www.screencast.com/t/RJKx0s31
I want to point out as well, people talk about Block at cloudflare etc, that only works against a domain, not an IP address. So if it's the IP and not the domain they are attacking, you are screwed.
- Edited
It's a shame, these sites and IPs have been up and working fine for years, now completely reached, can't even keep an IP up. Attacks from China, Hong Kong, and Africa. To the ip, so no way to stop them at cloud flare.
gacott
Do you mean that you have suffered a lot of attacks after using aaPanel?
gacott is ovh vps has no ddos protection? layer 7 ddos attack?
aaPanel_Jose we have about 3800 attacks and 122 Ips in a week from which the attacks are carried out. it definitely has something to do with bt.cn. Before that, we also used Openscoure Panels and it was just about 20 or 30 attacks. Since we removed aaPanel and only ran it for the test, the whole thing has normalized again to about 30 attacks.