My Kutt was hacked! How? Check yours!!
-
@timconsidine said in My Kutt was hacked! How? Check yours!!:
Kinda ridiculous that I have to do a postgres terminal query to check users.
If they support users, they should support some admin function to view users, delete, block etc etc.
True!
-
@BrutalBirdie thanks! Merged and pushed an update.
-
@doodlemania2 registration is almost always disabled by default. But some apps like Kutt won't allow anyone to sign up, if registration is disabled.
-
@timconsidine this got me too. Was looking for a shortener I could iframe into a client dashboard so threw Kutt up. I don't know how bad or if I'm still infected but a day or two after setting it up, all my links started to time out - they were being blocked by my browser. At the same time, I lost admin access on a totally different WP site :S I deleted Kutt before I thought to investigate.
Definitely reminded me as to the importance of security. I still can't get my original link shortener (installed on a LAMP stack) to work - I'm worried I got the domains banned or something
-
@plains-digital may not be as bad as you think
I appealed against some blocks and responded to incoming abuse notifications and got it cleaned up.
Kutt works well so don't be afraid to try it again - just turn off registrations.
-
@timconsidine my client's domain is STILL pointing at two dodgy IPs
-
@plains-digital another thread here about Netcup had some comments about cleaning ip addresses.
-
hey @timconsidine this just happened to me today.
There were a couple of dodgy URLs probably because of the registration option I didn't check at install. I have the service down, but I wonder if there's any way to check and remove the spam users before getting the service up. I don't know how to explore the postgres db.
-
@chetbaker with 8.0.0, we have a new app notes feature. The notes get prepopulated with installation checklist.
As for postgresql, it seems to be quite easy to navigate:
db9e43bf3baf7640a8bf1b7316dee0fc89=> \dt
                         List of relations
 Schema |         Name         | Type  |                Owner
--------+----------------------+-------+--------------------------------------
 public | domains              | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | hosts                | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | ips                  | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | knex_migrations      | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | knex_migrations_lock | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | links                | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | users                | table | user9e43bf3baf7640a8bf1b7316dee0fc89
 public | visits               | table | user9e43bf3baf7640a8bf1b7316dee0fc89
(8 rows)

db9e43bf3baf7640a8bf1b7316dee0fc89=> select * from links;
db9e43bf3baf7640a8bf1b7316dee0fc89=> select * from users;
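-
Added example, not part of the thread and not Kutt's or Cloudron's own tooling: a review-then-clean pass over the `users`, `links` and `visits` tables listed above, to run while the app is stopped. The column names (`email`, `verified`, `created_at`, `user_id`, `link_id`, `address`, `target`) are assumptions about the Kutt schema, and `admin@example.com` is a placeholder for your own account; confirm the columns with `\d users`, `\d links` and `\d visits` first.

```sql
-- Assumed column names; verify with \d users, \d links, \d visits before running.

-- 1. Every account with its link count, newest first.
--    Unexpected sign-ups right after install are the ones to look at.
SELECT u.id, u.email, u.verified, u.created_at, count(l.id) AS link_count
FROM users u
LEFT JOIN links l ON l.user_id = u.id
GROUP BY u.id, u.email, u.verified, u.created_at
ORDER BY u.created_at DESC;

-- 2. Every link NOT owned by the admin account (placeholder address).
--    IS DISTINCT FROM also catches links with no owner (user_id IS NULL).
SELECT l.id, l.address, l.target, l.created_at, u.email
FROM links l
LEFT JOIN users u ON u.id = l.user_id
WHERE u.email IS DISTINCT FROM 'admin@example.com'
ORDER BY l.created_at DESC;

-- 3. Cleanup inside a transaction, children first so foreign keys
--    do not block the deletes: visits -> links -> users.
BEGIN;

CREATE TEMP TABLE spam_links ON COMMIT DROP AS
SELECT l.id
FROM links l
LEFT JOIN users u ON u.id = l.user_id
WHERE u.email IS DISTINCT FROM 'admin@example.com';

DELETE FROM visits WHERE link_id IN (SELECT id FROM spam_links);
DELETE FROM links  WHERE id      IN (SELECT id FROM spam_links);
DELETE FROM users  WHERE email   <> 'admin@example.com';

-- What is left should be only your own account and links.
SELECT count(*) AS users_left FROM users;
SELECT count(*) AS links_left FROM links;

-- Ends as a dry run. Replace with COMMIT once the counts look right.
ROLLBACK;
```

If the `DELETE FROM users` step fails on a foreign key (for example from the `domains` table), the transaction aborts and nothing is changed; inspect that table before retrying.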