Hack attack
- not i-MSCP related
- ssibal
- Closed
- Thread is marked as Resolved.
I think the VUXXX user is the problem, since when listing the modified documents, the user who made the changes was the VUXXX user. Somehow they used it; if I ran Drupal without i-MSCP they couldn't use the VUXXX user, so somehow it must be related.
By disabling I mean you can disable a user on Ubuntu with: sudo passwd -l [user_name]
I don't know the type of the attack, and I also don't know how I should provide logs.
All that happened is that they were able to add files (new index.html / jpeg, adminer.php) to the root and remove the old index.php. All actions were done by the VUXXX user.

You're thinking wrong. As far as I can see, you make some assumptions without understanding how the whole thing is working. The vuxxx user is a unix user without shell access. Thus, disabling that user by running the sudo passwd -l [user_name] command will not have any effect... It is normal that any change made inside your document root (htdocs) is done by the vuxxx user, because the Drupal PHP scripts are run under that user. Again, you must check your Drupal application for any security hole, malware and so on.
TO RESUME: The problem here is neither the vuxxx user nor i-MSCP. The problem is your Drupal application.
That's the way it's supposed to be, please check my other message
I found the auth.log file, and it's scary: thousands of these attempts have been happening for a long time:
Code:
Feb 28 09:46:57 www sshd[15800]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:46:59 www sshd[15861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:01 www sshd[15861]: Failed password for root from 115.239.228.15 port 50134 ssh2
Feb 28 09:47:05 sshd[15861]: last message repeated 2 times
Feb 28 09:47:05 www sshd[15861]: Received disconnect from 115.239.228.15: 11: [preauth]
Feb 28 09:47:05 www sshd[15861]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:08 www sshd[15863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:10 www sshd[15863]: Failed password for root from 115.239.228.15 port 48117 ssh2
Feb 28 09:47:14 sshd[15863]: last message repeated 2 times
Feb 28 09:47:14 www sshd[15863]: Received disconnect from 115.239.228.15: 11: [preauth]
Feb 28 09:47:14 www sshd[15863]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:18 www sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:20 www sshd[15865]: Failed password for root from 115.239.228.15 port 46010 ssh2
Feb 28 09:47:26 sshd[15865]: last message repeated 2 times
Feb 28 09:47:26 www sshd[15865]: Received disconnect from 115.239.228.15: 11: [preauth]
I can't find the FTP log though, isn't it in var/log?
https://www.ostraining.com/blo…eck-drupal-site-security/
BTW: Scared about what exactly? All those SSH connection attempts? The PAM library does its job. You could change the SSH port and install fail2ban to protect your server. Almost every server is the victim of dictionary attacks on the default SSH port. The problem here is that you're a beginner.
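The auth.log excerpt above is exactly the input that fail2ban's sshd jail reads, and the reply's advice amounts to "count failures per source and block anyone over a threshold". The script below is an added example (not code from the thread, from i-MSCP or from fail2ban) that does that counting over a constructed sample modelled on the quoted lines; it also expands syslog's "last message repeated N times" lines, which the excerpt contains and which a naive grep for "Failed password" silently undercounts. The maxretry/findtime names mirror fail2ban's settings but the matching logic here is this example's own; 198.51.100.7 and 203.0.113.5 are documentation addresses used as constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the auth.log lines quoted in the thread.
# 198.51.100.7 and 203.0.113.5 are documentation addresses, not real hosts.
SAMPLE_AUTH_LOG = """\
Feb 28 09:46:59 www sshd[15861]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.239.228.15 user=root
Feb 28 09:47:01 www sshd[15861]: Failed password for root from 115.239.228.15 port 50134 ssh2
Feb 28 09:47:05 sshd[15861]: last message repeated 2 times
Feb 28 09:47:05 www sshd[15861]: Received disconnect from 115.239.228.15: 11: [preauth]
Feb 28 09:47:10 www sshd[15863]: Failed password for root from 115.239.228.15 port 48117 ssh2
Feb 28 09:47:14 sshd[15863]: last message repeated 2 times
Feb 28 09:47:20 www sshd[15865]: Failed password for root from 115.239.228.15 port 46010 ssh2
Feb 28 09:47:26 sshd[15865]: last message repeated 2 times
Feb 28 09:50:00 www sshd[15900]: Failed password for invalid user admin from 198.51.100.7 port 40000 ssh2
Feb 28 09:51:00 www sshd[15901]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
# The hostname field is optional: syslog's "last message repeated" lines omit it.
FAILED_RE = re.compile(TS + r" (?:\S+ )?sshd\[(?P<pid>\d+)\]: Failed password for "
                       r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$")
REPEAT_RE = re.compile(TS + r" (?:\S+ )?sshd\[(?P<pid>\d+)\]: last message repeated (?P<n>\d+) times$")
PID_RE = re.compile(r"sshd\[(?P<pid>\d+)\]")


def _parse_ts(text):
    # syslog timestamps carry no year; 2000 is a leap year, so Feb 29 still parses.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")


def parse_failures(log_text):
    """Yield (timestamp, ip, user) for every failed password attempt.

    syslog collapses identical consecutive lines into 'last message repeated
    N times'. Those count as N further failures only when the previous line
    from the same sshd pid was itself a failure; otherwise they are ignored."""
    last_failure = {}  # pid -> (ip, user) while that pid's last line was a failure
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            last_failure[m["pid"]] = (m["ip"], m["user"])
            yield (_parse_ts(m["ts"]), m["ip"], m["user"])
            continue
        m = REPEAT_RE.match(line)
        if m:
            if m["pid"] in last_failure:
                ip, user = last_failure[m["pid"]]
                ts = _parse_ts(m["ts"])
                for _ in range(int(m["n"])):
                    yield (ts, ip, user)
            continue
        m = PID_RE.search(line)
        if m:
            last_failure.pop(m["pid"], None)  # some other message from this pid


def failures_by_source(log_text):
    """Total failed attempts per remote address."""
    counts = defaultdict(int)
    for _, ip, _user in parse_failures(log_text):
        counts[ip] += 1
    return dict(counts)


def offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Addresses with at least maxretry failures inside any findtime-long
    window (the same maxretry/findtime idea fail2ban applies). Returns
    {ip: total_failures} for those addresses only."""
    times_by_ip = defaultdict(list)
    for ts, ip, _user in parse_failures(log_text):
        times_by_ip[ip].append(ts)
    hits = {}
    for ip, times in times_by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > findtime:  # slide the window forward
                start += 1
            if end - start + 1 >= maxretry:
                hits[ip] = len(times)
                break
    return hits


if __name__ == "__main__":
    for ip, n in sorted(failures_by_source(SAMPLE_AUTH_LOG).items()):
        print(f"{ip:16} {n} failed logins")
    print("over threshold:", sorted(offenders(SAMPLE_AUTH_LOG)))
```

Run it against a real file with `failures_by_source(open("/var/log/auth.log").read())`; the single source in the sample comes out at 9 failures in 25 seconds, which is why a tool like fail2ban with a low maxretry stops this kind of dictionary run almost immediately, while the one-off "invalid user admin" attempt stays below the threshold.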
The actual Production Drupal version is 7.34
The version you use is for sure quite old, and as far as I can imagine, your modules also.
Updates of Drupal and Drupal modules are not just for bug corrections, but often also for security reasons.
What you have to do:
1. download your drupal personal files (sites/default/settings.php, sites/all/themes, sites/default/files, etc)
2. type down the list in sites/all/modules
3. put your actual site under maintenance
4. delete all your files in your htdocs directory
5. download drupal 7.2 and upload it to your webserver (from drupal website)
6. download all your modules and upload them to your modules directory (from drupal website)
7. upload your personal files
8. run cron on your site
9. download the latest drupal version and upload it to your site
10. upgrade your site (http://www.xxxyyyzz.com/update.php)
11. upgrade all your modules to the latest version (using the available updates checker in drupal and follow the procedure)
12. test your site and come out of maintenance
At the end you'll be sure that you have a clean install of drupal without viruses or hacked files, and you'll also have the latest versions installed.
Before beginning this procedure BACKUP YOUR SITE AND DB !!!
@kess
Even easier is to:
1. Back up your files and databases (check if you have any hacked core files/themes that you need to save)
2. Install Drush ( apt-get install drush / pear channel-discover pear.drush.org - pear remote-list -c drush - pear install drush/drush )
3. Go to your root directory (where your main index.php is)
4. Type drush up
5. Read carefully what updates are available
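Both procedures above start from the same question the first post raises: which files in htdocs are not what the Drupal release shipped (the added adminer.php and index.html, the missing index.php, and any edited core file that step 1 of the Drush route tells you to look for before backing up). The script below is an added example, not code from the thread, from i-MSCP or from Drupal: it hashes a pristine extract of the same release and the live document root, reports added, removed and modified files, and skips the paths that legitimately differ (settings.php and sites/default/files). The directory layout and the compromise it reproduces are a constructed fixture built in a temporary directory, so the example runs offline; on a real server you would point compare_docroot at the untarred release and at htdocs.

```python
import hashlib
import tempfile
from pathlib import Path

# Paths that legitimately differ from a pristine Drupal tarball and should
# not be reported: site configuration and user uploads.
DEFAULT_IGNORE = ("sites/default/settings.php", "sites/default/files")


def hash_tree(root, ignore=DEFAULT_IGNORE):
    """Map each file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    hashes = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if any(rel == p or rel.startswith(p + "/") for p in ignore):
            continue
        hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def compare_docroot(pristine, docroot, ignore=DEFAULT_IGNORE):
    """Diff a live document root against a pristine extract of the same
    Drupal release. 'added' is the list to inspect first: anything the
    release did not ship (an adminer.php, a stray index.html) has no
    business being there."""
    want = hash_tree(pristine, ignore)
    have = hash_tree(docroot, ignore)
    return {
        "added": sorted(set(have) - set(want)),
        "removed": sorted(set(want) - set(have)),
        "modified": sorted(p for p in set(want) & set(have) if want[p] != have[p]),
    }


def build_demo_trees(base):
    """Constructed fixture, not a real site: a tiny 'release' and a copy of it
    altered the way the thread describes (index.php gone, index.html and
    adminer.php added), plus one edited core file and an upload that the
    ignore policy skips."""
    base = Path(base)
    pristine, docroot = base / "drupal-pristine", base / "htdocs"
    release_files = {
        "index.php": "<?php\n// front controller\n",
        "includes/bootstrap.inc": "<?php\n// core\n",
        "sites/default/default.settings.php": "<?php\n",
    }
    for rel, body in release_files.items():
        for root in (pristine, docroot):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
    # The simulated compromise touches only the live copy.
    (docroot / "index.php").unlink()
    (docroot / "index.html").write_text("<h1>defaced</h1>\n")
    (docroot / "adminer.php").write_text("<?php\n// dropped tool\n")
    (docroot / "includes/bootstrap.inc").write_text("<?php\n// core\n// injected\n")
    (docroot / "sites/default/files").mkdir(parents=True)
    (docroot / "sites/default/files/photo.jpg").write_bytes(b"\xff\xd8\xff")
    return pristine, docroot


def run_demo():
    """Build the fixture in a temporary directory and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, docroot = build_demo_trees(tmp)
        return compare_docroot(pristine, docroot)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Modified core files are the ones to treat as untrusted rather than "save": the reinstall steps in the thread replace them from the release tarball anyway, and the report tells you which contributed modules and theme files also need a fresh download instead of being carried over.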