Hacker - what to do?
A reseller has a client whose site domain.ru was hacked. The client found this link in his logs:
http://www.subdomain.domain.ru/~gold...min-2.5.3-rc1/
Loading this link in the browser shows:
Welcome to phpMyAdmin 2.5.3-rc1 - Login
Language:
Cookies should hereafter be enabled.
Username:
Password:
Why would adding ~gold, another client's username, with the above path show this screen?
The 2 clients are not related in any way on this cPanel server. The one domain.ru is Russian while the username used in this link is from a Brazilian client - username gold.
The hacker sent these words:
Hello SuperAdmin... LOL
Surprise for you... Your site ****ed and your hoster full LAMO
Change another hosting or i'm be crack your site always...
Catch you mysql database dump for restoring you data... Send me thanks... This your link. http://monaco.dnsrouter.com/~ username/imgs/dump.sql.gz
OK. bye...
This link shows the mysql database of the hacked client.
I'm not sure but if I remember it correctly dnsrouter.com is owned by MCHost - do they have a monaco server? I have the username of this client here.
This is new to me, hope that someone will help me learn. Should I take this seriously, and what steps would you take to handle this situation? Hoping for some input.
Thanks
John
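
For the kind of request described in the post (a `/~username/` path fetched on a site that belongs to a different account), a scan of the site's access log can list every such hit and who made it. This is an added example, not part of the original post; it assumes Apache common/combined log format, the owning account name `owneracct` is hypothetical, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Common/combined log format: ip ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# A per-user path: /~name/... (the tilde may also arrive URL-encoded as %7E)
USERDIR_RE = re.compile(r'^/(?:~|%7[eE])(?P<user>[A-Za-z0-9_.-]+)(?:/|$)')


def find_cross_account_hits(lines, vhost_owner):
    """Return {other_user: [(ip, time, path, status), ...]} for /~user/ requests
    seen in one site's log where the user is not the site's own account."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        u = USERDIR_RE.match(m["path"])
        if u and u["user"].lower() != vhost_owner.lower():
            hits[u["user"]].append(
                (m["ip"], m["time"], m["path"], int(m["status"]))
            )
    return dict(hits)


# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2000:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2000:10:00:09 +0000] "GET /~gold/tool/ HTTP/1.1" 200 2301',
    '203.0.113.7 - - [01/Jan/2000:10:00:15 +0000] "POST /%7Egold/tool/index.php HTTP/1.1" 200 911',
    '198.51.100.4 - - [01/Jan/2000:10:02:00 +0000] "GET /~owneracct/img.png HTTP/1.1" 200 77',
    'this line is not a log entry',
]

if __name__ == "__main__":
    for user, rows in find_cross_account_hits(SAMPLE_LOG, "owneracct").items():
        for ip, when, path, status in rows:
            print(f"{when} {ip} requested {path} (account '{user}') -> {status}")
```

Hits with a 2xx status are the ones to review first, since they show the other account's content was actually served through this site's hostname.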