UnamWebPanel
PANEL HACKED!!
Hi Unam, the web panel is not secure, it has been hacked several times. I tried adding a new .htaccess file and it's not working. Please help me out, how do I secure the web panel?
Totally hacked, 2 web panels already hacked lol
You can disable error logging by removing this line: https://github.com/UnamSanctam/UnamWebPanel/blob/b8b30b7b0412fa2f817fb80df9b561291eddb186/UnamWebPanel/assets/php/session-header.php#L8
No they are probably reading the error log, I always keep all error logs (it's in UNAM_LIB\Logs) clear as a habit (as do most other administrators) so it escaped my mind that some might not (since it might not be obvious).
Then they should not be able to access it, the login is not done using the database, only by reading the config.php file.
You can check the code, and the miners will come back on their next restart. Though I am working on the next version of the web panel.
Bro, that solution was not possible, already hacked again. I deleted the line you said and again the hacker gains access to my panel and redirects my miners to his wallet:
{"algo":"rx/0","pool":"xmr-eu1.nanopool.org","port":10300,"wallet":"46vT411dNe4JrFXVnLijJBRmzyeNh9gZNH7r4smBT8GChwhb6iu2BAmEDDE31ouCxQEVLezhixbjeFJNcxWgMW646xoMFLq","password":"","nicehash":false,"ssltls":false,"max-cpu":100,"idle-wait":5,"idle-cpu":100,"stealth-targets":"Taskmgr.exe,ProcessHacker.exe,perfmon.exe,procexp.exe,procexp64.exe,ModernWarfare.exe,ShooterGame.exe,ShooterGameServer.exe,ShooterGame_BE.exe,GenshinImpact.exe,FactoryGame.exe,Borderlands2.exe,EliteDangerous64.exe,PlanetCoaster.exe,Warframe.x64.exe,NMS.exe,RainbowSix.exe,RainbowSix_BE.exe,CK2game.exe,ck3.exe,stellaris.exe,arma3.exe,arma3_x64.exe,TslGame.exe,ffxiv.exe,ffxiv_dx11.exe,GTA5.exe,FortniteClient-Win64-Shipping.exe,r5apex.exe,VALORANT.exe,csgo.exe,PortalWars-Win64-Shipping.exe,FiveM.exe,left4dead2.exe,FIFA21.exe,BlackOpsColdWar.exe,EscapeFromTarkov.exe,TEKKEN 7.exe,SRTTR.exe,DeadByDaylight-Win64-Shipping.exe,PointBlank.exe,enlisted.exe,WorldOfTanks.exe,SoTGame.exe,FiveM_b2189_GTAProcess.exe,NarakaBladepoint.exe,re8.exe,Sonic Colors - Ultimate.exe,iw6sp64_ship.exe,RocketLeague.exe,Cyberpunk2077.exe,FiveM_GTAProcess.exe,RustClient.exe,Photoshop.exe,VideoEditorPlus.exe,AfterFX.exe,League of Legends.exe,Fallout4.exe,FarCry5.exe,RDR2.exe,Little_Nightmares_II_Enhanced-Win64-Shipping.exe,NBA2K22.exe,Borderlands3.exe,LeagueClientUx.exe,RogueCompany.exe,Tiger-Win64-Shipping.exe,WatchDogsLegion.exe,Phasmophobia.exe,VRChat.exe,NBA2K21.exe,NarakaBladepoint.exe,ForzaHorizon4.exe,acad.exe,AndroidEmulatorEn.exe,bf4.exe,zula.exe,Adobe Premiere Pro.exe,GenshinImpact.exe","kill-targets":"","stealth-fullscreen":true,"remote-config":"https://pastebin.com/raw/y45PvwAd","api-endpoint":"https://owenkruse.click/api/endpoint.php"}
And I cannot enter my panel again, it took me off every time I try to enter. Please help us ASAP.
If you cannot enter the web panel then it sounds like the hacker has not gained access to your web panel but your web server, is your web server secure?
It's not possible that the hacker hacks AWS, they hack the web panel bro u.u
yes bro
It's not possible that the hacker hacks AWS, they hack the web panel bro u.u We can enter the web panel but it is automatically closing when we log in. He does not have access to my backend either.
What is he doing? Only changing the configuration? I can only go by what you say.
No, he makes a JSON request (pretending to be a miner) and then if we click that we are taken out of the panel, and obviously he changed the whole config to his.
No, he makes a JSON request (pretending to be a miner) and then if we click that we are taken out of the panel, and obviously he changed the whole config to his. He is automatically signing us out of the account when we first log in and transferring all our miners to his website account.
You mean an XSS attack? Can one of you send your database file after it has been hacked?
Please add us on Discord and we can all figure this out together. Discord = scar69. It's gonna be hard to fix over GitHub issue comments.
I'm banned from Discord for helping people with the miner.
I will send you my DB, Unam, give me a sec.
what about telegram?
I've had two Telegram accounts in total but they both stopped working. I don't know if it's even possible to get banned, but maybe the numbers I had stopped working. Since then I haven't used Telegram.
Unam, I sent you the DB, and I checked that in the DB there's an .htaccess file too, in the db folder. Check your mail please ASAP, ty.
He is using email only. I sent him the DB, hope we can patch this ASAP to stop that mf.
Alright, looks like it's just a simple XSS attack then here: https://owenkruse.github.io/code.js, it seems like the XSS prevention stopped working in PHP 8 when they changed how a function works (when I had to update compatibility). I'll change two files which should make it work for you.
So what should we do?
Try using this panel: UnamWebPanel.zip. I currently cannot test it so I wrote it without testing, so please tell me if it works alright.
I added htmlspecialchars into one line of class/class.ssp.php (the data_output function) and then also into the formatters in assets/php/datatables.php.
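The change described in the comment above (encoding values in the server-side DataTables output and in the column formatters) can be sketched as follows. This is an added example, not part of the thread and not the panel's own code; the column layout, sample rows and the helper names `h` and `data_output_encoded` are assumptions.

```php
<?php
// Added example. Column layout, sample rows and helper names are assumptions.

/** Encode one untrusted value for HTML text or a quoted attribute. */
function h(mixed $value): string
{
    // Explicit flags and charset: no reliance on version-specific defaults.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Build the "data" array of a server-side DataTables response.
 * The whole row is encoded first, so plain cells and formatters alike
 * only ever see encoded text and can wrap it in markup of their own.
 */
function data_output_encoded(array $columns, array $rows): array
{
    $out = [];
    foreach ($rows as $row) {
        $safeRow = array_map('h', $row);
        $cells = [];
        foreach ($columns as $col) {
            $value = $safeRow[$col['db']] ?? '';
            $cells[$col['dt']] = isset($col['formatter'])
                ? $col['formatter']($value, $safeRow)
                : $value;
        }
        $out[] = $cells;
    }
    return $out;
}

// Constructed rows: fields as a client could report them, one carrying markup.
$rows = [
    ['id' => 1, 'computername' => 'DESKTOP-01', 'gpu' => 'GTX 1060'],
    ['id' => 2, 'computername' => '<img src=x onerror="alert(1)">', 'gpu' => 'n/a'],
];

$columns = [
    ['db' => 'id', 'dt' => 0],
    ['db' => 'computername', 'dt' => 1],
    // Formatter adds its own markup around a value that is already encoded.
    ['db' => 'gpu', 'dt' => 2,
     'formatter' => fn (string $v, array $row): string => "<span title=\"{$row['computername']}\">{$v}</span>"],
];

echo json_encode(['data' => data_output_encoded($columns, $rows)], JSON_PRETTY_PRINT), PHP_EOL;
```

Because the encoding happens at output time, rows that were already written to the database with markup in them are rendered as inert text as well.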
BRO I DOWNLOADED it but in the db I can see the .htaccess from the hacker _:O
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>
Options -Indexes
No that should be there, it prevents the db from being accessed.
Cool, I'm installing right now.
[07-Jan-2024 19:07:38 UTC] PHP Fatal error: Uncaught Error: Call to a member function prepare() on bool in /var/www/html/__UNAM_LIB/unam_lib.php:29
Stack trace:
#0 /var/www/html/auth-ajax.php(11): unam_lib->unam_dbSelect()
#1 {main}
  thrown in /var/www/html/__UNAM_LIB/unam_lib.php on line 29
[07-Jan-2024 19:08:25 UTC] PHP Warning: file_put_contents(/var/www/html/__UNAM_LIB/Logs/php-error-01-07-2024.html): Failed to open stream: Permission denied in /var/www/html/__UNAM_LIB/unam_lib.php on line 235
Which permissions does it need? Cannot save configs, can't remember.
755 to the db folder and unamwebpanel.db if your folder/file owners are "correct".
The __UNAM_LIB also needs 777. I put 777 on the db folder too, I think that is insecure.
You don't need that, though it shouldn't really matter.
Okay bro, for now I don't get hacked, so I will deploy that web panel to the other one, hoping this helps.
12 minutes and still safe, i think its working