1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How can I get a list of WP databases?

Discussion in 'Site & Server Administration' started by DomainMagnate, Dec 13, 2014.

  1. #1
    How can I get a list of all the WP databases from whm, across all accounts? If it's possible to do? thanks
     
    DomainMagnate, Dec 13, 2014 IP
  2. zacharooni

    zacharooni Well-Known Member

    Messages:
    346
    Likes Received:
    20
    Best Answers:
    4
    Trophy Points:
    120
    #2
    Traditionally, wordpress databases are named USER_wrdpX

    It's probably more accurate to do inside of of SSH via:

    mysqlshow | grep wrdp
     
    zacharooni, Dec 13, 2014 IP
  3. DomainMagnate

    DomainMagnate Illustrious Member

    Messages:
    10,932
    Likes Received:
    1,022
    Best Answers:
    0
    Trophy Points:
    455
    #3
    Hi Zach, thanks!
    I'm having too many problems on my dedi server in the past month or two. First some sites were defaced and files deleted. Then someone hacked the server and used it to send a lot of spam emails through many different accounts. And I have 100+ accounts so it's hard to keep track of, there were hundreds of GB's of spam accumulated apparently.
    Then now I've noticed that many of my wp logins and passwords were changed to the same login/pass combination... Is that common? Or maybe my hosting company has really crappy security? Or because I don't bother updating all the wp installation frequently, what do you think?
     
    DomainMagnate, Dec 13, 2014 IP
  4. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #4
    The last statement is probably the main problem. Not updating the software on the server is REALLY bad way of running things.
     
    PoPSiCLe, Dec 13, 2014 IP
    DomainMagnate and PhiladelphiaIM like this.
  5. DomainMagnate

    DomainMagnate Illustrious Member

    Messages:
    10,932
    Likes Received:
    1,022
    Best Answers:
    0
    Trophy Points:
    455
    #5
    there are constant incompatibility issues with wp though. Newer versions don't always support older plugins.
     
    DomainMagnate, Dec 13, 2014 IP
  6. PhiladelphiaIM

    PhiladelphiaIM Notable Member

    Messages:
    290
    Likes Received:
    78
    Best Answers:
    0
    Trophy Points:
    215
    #6
    That's one of the downsides to upgrading, DM - but plugin incompatibility is nothing compared to security vulnerabilities and server-wide breaches.
     
    PhiladelphiaIM, Dec 13, 2014 IP
  7. wslade

    wslade Active Member

    Messages:
    35
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    58
    #7
    I'm really sorry to hear that your server is being messed with. I'm curious about why you think the databases are involved? The databases are not always compromised by hackers.

    I wouldn't want to face over 100 hacked accounts. And even trying to decide what to do first is not easy. Have you run a virus scan on your server? ClamAV is a free cPanel plugin that does a ok job of finding malware and it's probably already installed. I'm assuming your server is not IIS based.

    Running ClamAV will give you a list of all the infected files. Looking at this will give you an idea of the scope of your problem. If the malware is almost everywhere, you may need to go back to a non infected back up. Even if it's two or more months old, it could cut down on the amount of work needed.

    If there is no back up available or if a large number of files are still OK then you can fix the accounts one at a time. If the login has be changed, you can get logged into any WP site using phpMyAdmin. One button will update the WP core files and dump any malware contained in the core files. Installing the Wordfence security plugin will tell if any plugins have code that is different from the repository. Wordfence also gives you a side by side view so you can see if the differences contain malicious code.

    If you don't already have cPHulk and CSF installed, do that as soon as you can. These are also free programs usually already installed with cPanel. CPHulk will protect against brute force attacks against your server services like the cPanel, SSH, POP3 and ftp (Wordfence will help with brute force attacks on you WP sites). CSF is a good firewall.

    If your databases are involved, or if you have modified the WP core files instead of building Child Templates means even more work. I hope you find that the number of damaged files and sites are limited.

    More and more WP plugins and templates are automatically updating themselves. Wordfence will tell you when you have plugins that should be updated. There is still the occasional conflict but WP sites are getting easier to maintain all the time. When you get everything fixed on your server it will be easier to protect in the future.

    Good luck with your repairs.
     
    wslade, Dec 13, 2014 IP
    DomainMagnate likes this.
  8. DomainMagnate

    DomainMagnate Illustrious Member

    Messages:
    10,932
    Likes Received:
    1,022
    Best Answers:
    0
    Trophy Points:
    455
    #8
    wslade, thanks that's quite informative!
    I had a bunch of changes done lately and would rather not roll back older versions. I was thinking maybe I can just change all logins/usernames with some sql query? Or would that not be possible because they are on different accounts?
    I've managed to identify the databases affected, they have the same new username/password as admin user.
    I'll definitely update the wps now and run some malware scans. However I feel these scans don't always find the infected files, so the server support ran them a few times and still there are issues.
     
    DomainMagnate, Dec 13, 2014 IP
  9. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #9
    Outdated plugins are just as much of a security risk as outdated core files. So are outdated themes. All of these might contain security holes that can aid in breaking into your accounts, and perhaps also give access to more files on the server, depending on how access-restrictions are set up. You should ALWAYS keep the core files updated, regardless of any problems with plugins - just inform your users that you'll always update the core files as soon as possible, and that any plugins not compatible will be turned off unless they're able to update. I think it's also possible to do a central storage of plugins on your server, so as to not have to update 100s of accounts, but I can't for the life of me remember how that was done.
     
    PoPSiCLe, Dec 13, 2014 IP
  10. wslade

    wslade Active Member

    Messages:
    35
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    58
    #10
    Hey DomainMagnate,

    I'm certainly not a WP or DB expert. You may be able to automate the process of changing info in wp_user. Assuming your server has cPanel you will have a phpMyAdmin containing all the DBs used by your scripts and all your server functions. This script is located at Home > SQL Services > phpMyAdmin. If you can't find a way to automate the process at least everything is in one spot. And just a few edits is all it takes for each account.

    As soon as you get control of the login, password and email of each site, you will want to install Wordfence or some other plugin with all the same functions. As I said in my first post, Wordfence will show you all the differences. These differences will contain your changes and any malware.

    You will want to change ALL passwords. This includes root, DB passwords, account logins and ftp (if the ftps use a different password). I suggest that you not store ftp or account passwords on your DESKTOP. I know this is a huge pain with the number of accounts you have. I use lastpass to store all my passwords.

    The easiest system to hack is a desktop and there are a number of malwares designed to harvest passwords, especially from common FTP Clients. I believe a high percentage of hacked servers are accessed using harvested desktop ftp credentials. If you check your servers ftp logs, you may very well find IPs you do not recognize. Obviously if you don't lock down ftp access, you are still at risk.

    It's a lot too do...best wishes
     
    wslade, Dec 13, 2014 IP
    DomainMagnate likes this.
  11. DomainMagnate

    DomainMagnate Illustrious Member

    Messages:
    10,932
    Likes Received:
    1,022
    Best Answers:
    0
    Trophy Points:
    455
    #11
    I managed to get all the logins/passwords changed! But now can I upgrade all wps together somehow through whm, or at least semi-automatically?
    Or should I go to each wp, login and do it manually?
     
    DomainMagnate, Dec 16, 2014 IP
  12. wslade

    wslade Active Member

    Messages:
    35
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    58
    #12
    Hey! I'm glad you now have control of all your sites.

    Sorry, but I don't know of any way other than one at site a time to clean up any malware that may be left. You may find that your WP core has been automatically be updated to the latest (4.1) version if your previous version was new enough to have auto updates.

    You mentioned that you had a bunch of changes done recently. If the changes were done using a Child Template, you will be in good shape for upgrading. If the changes were made to core WordPress files, then updating will be a challenge. WP updates blow away the existing files and reloads new ones. Meaning any changes made to core files will be gone after an update.

    If you think you have modified core files, you don't want to do an update until you can copy all the files with changes. Install Wordfence, set the options and find the changed files before you update anything. Keep reading, I have explained this process in the following paragraphs.

    If you have not modified any core files, it is OK to update WP and all the plugins and then install Wordfence. After setting the Wordfence options (I have all boxes checked in the "Scans to include" section of the options), then run a scan.

    If the scan finds any issues, they will be shown in New Issues on the scan page. If there are files that do not match the repository, you can click to see a side by side code comparison. Look especially for code with a green background on the RIGHT side. This means something has been added to your active file. If you don't recognize the code as something you added, it will likely be malicious. The malicious code may look very much like normal WP code. When in doubt rename the file that is in doubt and replace it with the known good file from the repository. Other than manually renaming and saving the file, you can load the repository file with just one click in Wordfence.

    If you do have modified WP core files, now is a good time to set up a Child Template for your active theme. If you need to take this step there is a lot of information about how to build a child template. Some premium templates already have a Child Theme included. If you have questions about this process, let me know.
     
    wslade, Dec 20, 2014 IP