I'm guessing I got hacked.
Posted: 21. June 2007 18:19
My server stoped a couple time so I checked to make sure everything was ok.
As far as the websites go, everything is working fine. They can access the Databases and everything like normal.
I try to log into phpmyadmin to get a better look at the databases and this message pops up.
I opened up the config.inc.php and found this.
Someone changed the password for pma to ShitFace. I don't remember what it was set to before and all passwords I've tried fail.
What should I do and how do I prevent them from doing it agian?
__________edit________
I also noticed
and changed it to cookie. This let me login to phpmyadmin.
Once I was loged in I looked at the pma user and it had a blank password so I changed that and set it in the config.inc.php
The pma account was also granted access to shut down the server. Im guessing this is why it would stop.
As far as the websites go, everything is working fine. They can access the Databases and everything like normal.
I try to log into phpmyadmin to get a better look at the databases and this message pops up.
- Code: Select all
#1045 - Access denied for user 'pma'@'localhost' (using password: YES)
I opened up the config.inc.php and found this.
- Code: Select all
$cfg['Servers'][$i]['controlpass'] = 'ShitFace';
Someone changed the password for pma to ShitFace. I don't remember what it was set to before and all passwords I've tried fail.
What should I do and how do I prevent them from doing it agian?
__________edit________
I also noticed
- Code: Select all
$cfg['Servers'][$i]['auth_type'] = 'config';
and changed it to cookie. This let me login to phpmyadmin.
Once I was loged in I looked at the pma user and it had a blank password so I changed that and set it in the config.inc.php
The pma account was also granted access to shut down the server. Im guessing this is why it would stop.