WP in docker container hacked - Server sends Phishing mails - disable container from other OS with the server volume mounted?

Question

Wordpress that has not been updated in a docker container on a vServer has probably been hacked since the provider notified me about the server sending phishing mails and deactivated my machine.

Now they let me run a rescue linux from where I can mount the former server SSD. Can anyone tell me how to prevent the specific container from running when the original OS is powered up again? Cause obviously I can't call the docker daemon to set any parameters ...

score 1 · Accepted Answer · answered Sep 14 '16 at 20:19

1

The manual solution would be to delete or move /var/lib/docker/containers. Inside of each sub-folder will be a config.v2.json and hostconfig.json which you may be able adjust by hand, particularly the entry in hostconfig.json for:

"RestartPolicy":{"Name":"always","MaximumRetryCount":0}

which you can try changing to:

"RestartPolicy":{"Name":"","MaximumRetryCount":0}

You can also simply disable the Docker service, depending on how that is launched.

answered Sep 14 '16 at 20:19

BMitch

5,189
1
21
30

I see the folders in the /containers/ folder, but since their names are hashes, how do i find the right folder for the container I want to change the .config? – haemse Sep 20 '16 at 23:01
You'd need to look in each directory. – BMitch Sep 21 '16 at 01:36

WP in docker container hacked - Server sends Phishing mails - disable container from other OS with the server volume mounted?

1 Answers1