jonomite 29 Posted May 10, 2018

Greetings,

A couple days ago, it looks like someone gained unauthorized access to my server. It looks like they added a new library, installed a few plugins, and messed with a few settings. I believe the unauthorized access may have occurred because I (shockingly...) did not have a password entered for several of my accounts.

I promptly corrected the problem. I deleted all but my admin user account and changed the password on that. I also undid whatever mischief I was able to see on my server. But I am wondering if I am still at risk of unauthorized access. This morning, I noticed what appeared to be a suspicious login from a browser that I do not recognize.

Is it possible that someone is still accessing my server even after changing the password? Is it possible that anything was surreptitiously installed on my server that would allow them to still access it, even after a password change? I have run virus scans on my system and haven't been able to detect any malicious program installs - I can't find any evidence that they actually gained access to my file system.

For the time being, I have disabled all external/remote connections. I would appreciate any help anyone can offer on this.
kanipek 230 Posted May 10, 2018

There have been some changes in the latest version. You might have been seeing those. They do involve seeing new libraries. Can you be more specific about what you saw?
jonomite 29 Posted May 10, 2018 Author

> There have been some changes in the latest version. You might have been seeing those. They do involve seeing new libraries. Can you be more specific about what you saw?

Someone created a new library called "test" and added a bunch of random drives to it.
chef 3810 Posted May 10, 2018 (edited May 10, 2018 by chef)

You're most likely fine now, but always add credentials to any account facing the Internet, especially if it has any kind of admin authority. Emby's authentication is really good, so you're okay if all the accounts have passwords.
Luke 42085 Posted May 10, 2018

Once you change the password then existing sessions will be terminated. Are you still seeing the activity?
chef 3810 Posted May 11, 2018

> Once you change the password then existing sessions will be terminated. Are you still seeing the activity?

That is a great piece of info. Changing passwords terminates sessions.
jonomite 29 Posted May 12, 2018 Author

Thanks to everyone for the replies. I've changed the passwords again. For now, I feel pretty secure. Can anyone direct me to a step-by-step guide on the best way to enable https for remote connections?
jonomite 29 Posted May 12, 2018 Author

Oh my, I sure don't. Looks like I really have to start from square one and get a super basic step-by-step!