Home  >  Article  >  Topics  >  2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs

2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs

PHPz
PHPzOriginal
2020-08-24 10:11:3014655browse

The pagoda has overturned, there are major vulnerabilities, many sites have been deleted, and an emergency update patch has just been released!

On August 23, 2020, Pagoda Panel was exposed to a serious security incident. This time it was not a backdoor problem, but a database unauthorized access vulnerability. The public You can directly enter phpmyadmin with root authority without authentication. IP or domain name address: 888/pma can directly enter phpMyAdmin. As a result, many website databases have been tampered with or the databases have been directly cleaned up, which can be said to be a heavy loss!

The picture below shows the unauthorized access vulnerability to the database that was discovered after using the Pagoda panel server software

2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs

The picture below shows the Alibaba Cloud Prophet’s reminder:

2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs

Actual reason:

The reason for the secure access module of phpmyadmin is that no username or password is required when the phpmyadmin database management software is installed on the pagoda panel. Manipulate the database.

Affected versions:

Pagoda Linux version 7.4.2 version

Pagoda Linux test version 7.5.14 version

Pagoda Windows version 6.8 version

Emergency solution:

1. It is recommended to change port 888 and disable phpmyadmin’s access rights in the firewall.

2. If you suspect that your database has been touched by others, you can check the access.log under /www/wwwlog (whether it is a remote IP) and check the nginx port access record. If there is a record, it is recommended to restore it. Until yesterday, or previous versions, to avoid privilege escalation.

3. Change all passwords.

4. Backup, backup, backup, you must always back up your website data regularly!

Attachment:Major security vulnerability accident of Pagoda panel! Webmasters need urgent security updates (with plan)

php Chinese website reminds webmasters who use Pagoda panels to take security measures as soon as possible to prevent vulnerability attacks!

7.4.2 The newly added security module causes direct entry without authentication. For things like phpma, another old and well-known server management software Xiaopi Panel has considered it very thoughtfully. I hope all major servers Integrated environment software developers should always be in awe of the security of the server environment and use technical means to try to prevent it from happening again!

The above is the detailed content of 2020 Pagoda Backdoor Incident! A serious database unauthorized access vulnerability occurs. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn