Sorry in advance, i am new to this forum and i hope i will be following its guideline.
Yesterday, my owncloud MariaDB database was hacked (wiped) asking for some bitcoin exchange.
Files are still there on the server (no loss) just the DB (so i guess all the user schema definition and file sharing access permission).
This is not a big deal but i want to understand what vulnerability was use to fix it before restoring
MariaDB port is not open on the internet
Owncloud use defaut https port (version 10.8.0.4)
phpmyadmin is opened to internet (version 5.2)
The owncloud db access was secured with a strong password.
Actually, there was another database on accessible with this user that did not get wiped (only the owncloud db)
This is why i believe it is not a php issue but a proper owncloud vulnerability
The version is not last one (10.10) but pretty recent. It is running on php 7.3
Have you heard such vulnerability on owncloud 10 ?
MAny thanks for your feedback / expertise.
DB hacked and Wiped
Operating system: Asustor NAS latest OS (Linux based)
ownCloud version: (see ownCloud admin page)
Updated from an older ownCloud or fresh install:
more than a year ago from v9
Where did you install ownCloud from:
on premise taking the official community edition
The content of config/config.php:<?php $CONFIG = array ( 'instanceid' => 'ochc97m805z3', 'passwordsalt' => 'NOTPROVIDED', 'secret' => 'NOTPROVIDED', 'trusted_domains' => array ( 0 => '192.168.1.20', 1 => 'NOTPROVIDED' ), 'datadirectory' => '/volume1/Web/owncloud/data', 'overwrite.cli.url' => 'https://192.168.1.20/owncloud', 'dbtype' => 'mysql', 'version' => '10.8.0.4', 'dbname' => 'owncloud', 'dbhost' => 'localhost', 'dbtableprefix' => 'oc_', 'dbuser' => 'NOTPROVIDED', 'dbpassword' => 'NOTPROVIDED', 'logtimezone' => 'UTC', 'installed' => true, 'theme' => '', 'loglevel' => 3, 'log_rotate_size' => false, 'maintenance' => false, 'enable_avatars' => false, 'updater.secret' => 'NOTPROVIDED', 'mail_domain' => 'NOTPROVIDED', 'mail_from_address' => 'NOTPROVIDED', 'mail_smtpmode' => 'smtp', 'mail_smtpauthtype' => 'LOGIN', 'mail_smtphost' => 'ssl0.ovh.net', 'mail_smtpport' => '587', 'mail_smtpauth' => 1, 'mail_smtpname' => 'NOTPROVIDED', 'mail_smtppassword' => 'NOTPROVIDED', ); **List of activated apps:** Contact