Closed T0niiiiii closed 7 years ago
It's impossible existing an exploit both on Arcturus and Chocolatey.
Chocolatey was totally coded in a way secured against exploits. You can't in any way inject SQL's.
I think someone accessed your database. Arcturus it's used in many hotels, but you can ask directly on RaGEZONE forums. Since I didn't developed Arcturus, I'm not 100% sure.
Check if your database password was strength? Was using cPanel? MySQL was accessible remotely? Do a triple check on everything. Is your staff 100% trustable?
Mysql only localhost access and we have phpmyadmin. wanna see some web logs? https://pastebin.com/gnxPqZrf
Good thing is that I have backups :D
phpmyadmin it's accessible remotely?
Someone deleted by phpmyadmin
but password wasn't easy. I told my team don't make phpmyadmin or mysql access to public and I think they now understand why. Thx anyway. I think tests folder should be deleted?
Tests folder from Chocolatey? You can delete it if you want. But they doesn't bother anyone.
Anyways, Don't give PMA public access please.
Closing.
Hope it does not happend again, jumped a little bit when that email showed up on my screen. :) closing ok sry
Yes, this is good example for everyone. Don't make mysql or phpmyadmin access to public. My team wanted that because it's easy, but not secure.
My friend. There is a saying: "Easiest doesn't walk together with securest".
Hahahah, that's true! :)
This cms maybe exploit, but I'm not sure yet. It can be arcturus too. Someone delete my hotel database. Time to go back PlusEmu and revcms :D
Santoro, can u check is there any exploit? I will check my web logs etc