How Not To Get Hacked - Checking Out Web Hosting Security
May 8, 2007
I normally hang out in the web design area, so if there is a related thread, please point me there.
I have been hosting a very small site with, what I thought, was a respectable local company. This morning I went to my home page and guess what - my friendly neighbourhood hacker paid me a visit. Gone (commented out) is my home page content, replaced with the following text:
I would like to report that your site is highly compromisable. Please review your hosts security settings. I would recommend changing though, they are a piece of ****.
(I have not deleted anything. the original page is commented out but is still located in this file.)
This security message has been brought to you by Scorpian & AV.
How do I deal with this? If I get no response from my current hosting company on how someone got hold of my ftp password, I want to move my site, but how do I know the next company has better security measures? And what should these security measures include? Any tick lists out there for testing domain host's security?
Feb 25, 2008
When I try to access my CPanel, I get the following error message
r00t-x...here ]
your Security...Get DoWn
sorry ..
YOU ARE OWNED!
#my Email
:: Members::
HaCkeR Al-MaDiNaH~_~eVil CeLL
Is it a problem with my account, or a server problem? Is there anything I can do to prevent this problem? Mods, please remove anything which is not as per TOS.
May 14, 2009
Just wanted to share my experiences with you once again. There are a select number of companies on this planet that really seem to go out of the way to be obnoxiously bad at their jobs. Comcast, AIG, United Airlines - the familiar litany. Well, my experience with online hosting would put Network Solutions right up there with those in competition for the title 'Worst Company in America.'
Here's the current problem. Yesterday, May 14, 2009, at about 6:00AM, one of my users reported that my site had come up with a malware/virus alert on his computer. This was odd, as I am not a malware host. Further, my work computer had been infected the day before, though I had only visited reputable news sites; and my own site.
Lo and behold, upon investigation I found that my site had been hacked to carry the FakeAlert-CL trojan, which had the effect of causing my computer to pretend it had been badly hacked to get me to buy some spurious anti-virus software. Essentially, buying "protection" in the Mafia sense.
Luckily for me, this is not my first rodeo with Network Solutions' laughable excuse for security. This exact same thing had happened 18 months or so ago. I realized then that a worm had infected NS's shared hosting servers, and had changed every file with "index" anywhere in the title to include an < iframe > tag linking to a malware site (from which the computer would be infected).
So here's my workaround. I downloaded and repaired the three index files which control my site. I then deleted the infected files, and re-uploaded clean ones. Being prudent, and having experience with this, I also uploaded *backup* copies with different file names. This proved wise. NS has now been hacked 3 times in the last 18 hours in the exact same way. Each time I get hacked again, I simply delete the infected 'index' file and rename my backup to replace it, then upload a new backup for later use.
Some notes: this has affected my entire Movable Type system by corrupting the templates. However, it attacks only the base index.php file; if you simply fix that one file, then rebuild your Movable Type database, the offending code snippet will be removed. Secondarily, some sections of my site (my bulletin board, for instance) do not have 'index' in the title of their operative files. If I could remove every index file from my site and rename them, I would, but unfortunately too many of the components are hard-wired for that name. Finally, I tried CHMODing the index files to 444, which should have prevented even an Administrator from overwriting or changing them, but it had no effect.
So, back to NS. I contacted a person from NS' marketing department (who contacted me after I posted a previous complaint on this board) and let him know that I had been hacked. He told me he was referring me to "third level support" (meaning what? they speak better English?). I have since been hacked twice more, and have emailed this same PR guy both times. The last time I asked for a phone call; no shock, I have not yet heard back. Maybe this post will prompt a response.
At any rate, to those of you experiencing this with Network Solutions, hopefully my solution will help you. To those of you considering a hosting provider, DO NOT CHOOSE NETWORK SOLUTIONS.
Apr 14, 2008
Our web site has been hacked many times over the last few months. The hacker only puts links to other sites in our HTML code. We changed the FTP password many times but we are still finding malicious code in our main index page and other pages on the site.
We can figure how and from where they are coming in and how to prevent further hacks.
Apr 8, 2008
I am conducting some research into potential risks that web hosts have to deal with on a daily basis. What potential security risks are there for web hosts? And how do they overcome these issues?
Mar 24, 2007
I have hosting - php/apache - with Orchard Hosting, and I've been with them for many years and there's never been a problem.
Then, a couple of days ago I realised from my logs a text file had been put in a directory in my webspace without me knowing anything about it. I emailed my host and they said it could have happened by either:
1. someone using ftp and getting into my account
2. someone injecting PHP through a form on the site.
I've added some code to my validation to look for <? and fwrite keywords but I think it's secure! But in the logs, there's no visits to the pages where the forms are (one of which is AJAX powered) - so I'm not sure it's injection.
Is someone using some kind of anonymous connection to my FTP (which shouldn't work!) the most viable reason why this has happened?
Jun 11, 2007
I have a server running Windows 2003 Enterprise for web hosting. It is not configured as a Domain Controller. Can anyone advise me what I should do if this server is attacked by a hacker or virus, or suffers an OS error or damage?
Apr 26, 2009
For some weeks I have been trying to get a secure install for my Debian. This server will be a shared hosting host, so it needs special security, but I don't know how to do this.
My requirements are:
- Apache
- PHP (mod, not cgi)
Actually, users can navigate around my server by using a phpshell script. And someone put lots of files into the /tmp directory, so I am trying to secure all of that but can't find a good tutorial for it; do you know where I can find one?
And what about PHP run from cron, so executed with php-cli: how do I secure it?
Jan 20, 2008
About next week, I'll put a Linux box on the web.
Could anyone suggest what kind of security measures I could implement?
Iptables:
- Protect against DDoS?
- Protect against certain worms?
- Protect against flooding?
Services:
- Protect against constant dictionary attacks based on ports?
Pretty much any experience you could put down in this thread would be invaluable.
Also mod, if this shouldn't be here, feel free to move it. I'm not sure where it should go!
Nov 18, 2008
I'm a web designer trying to find a web host for a client. I've set up several clients, including the one in question, at IX and haven't had a problem until the other day, when my client's site was hacked. A redirect code was inserted, taking the user to a false site that installed a virus. The offending code was removed by IX but the client's experience with their tech support was less than satisfactory. I've seen similar stories on this forum and others.
I'm looking to find another host and have some questions about security on shared hosting plans. I understand that they're not completely secure but I'm wondering if certain hosts or certain servers are more susceptible to hacks than others? I see very little, if any, mention of security on sites of hosts offering low-cost, shared hosting plans.
Fewer low-cost hosts seem to be offering dedicated IP addresses. Is a shared IP address going to be less secure than a dedicated one?
My client's site is info only -- no ecommerce or user login -- so it doesn't have to be Fort Knox, but they shouldn't have to worry about it being hijacked either.
Lots of questions, I know. It's my first time posting on this forum, so be gentle.
Dec 15, 2008
I have read much helpful feedback regarding choosing a reliable web host. Most of the concerns are centered around costs. However, I am more particular about the relative security of my website in addition to other perks such as space, speed and bandwidth. I rate my concerns on a 1-10 scale:
Security 9/10
Bandwidth 7.5/10
Disk space 6/10
E-mails, backups, etc: 8/10
Cost: 7/10
Jul 19, 2007
Which methods are needed to protect a hosting server?
May 26, 2009
I am in a shared hosting environment. Their PHP settings do not have open_basedir set, and safe_mode is off.
I was poking around their server and noticed that using some simple system() calls within a PHP script, I was able to access /etc/passwd and therefore access all their clients' public_html.
I am currently calling them to let them know of the vulnerability. But out of curiosity, is it normal that I can read all the other sites hosted? They do have config files with MySQL passwords in them.
May 10, 2008
I've been reading these forums for a while now... a lot of very interesting and useful stuff. However, I've always been happy with the hosting of my site until recently, and have never had a pressing reason for wanting to change.
However, I recently had a four day outage to my site. The hosting company (which shall remain nameless, for now) put this down to a security problem which meant they had to take down the shared Windows server and go through all the sites on the server looking for the site that had bad code which caused the security outage. I also had problems with malicious JavaScript being injected into my pages prior to this.
I quote from the hosting company "Unfortunately this is a shared hosting solution and by its very nature, it means that poor code affects all sites on that web server. .... The vulnerabilities of ASP, MS-SQL and .Net are well documented." They then proceeded to try to sell me a dedicated server (which I believe will likely be too expensive for my needs).
I'm no expert on hosting, but this doesn't sound right to me. Is all Windows shared hosting afflicted with these kinds of security problems? Or only when it's not set up right? I need reliability, but not absolute 100% bulletproof uptime if it comes with a dedicated server pricetag. I do need to avoid outages of a number of hours/days (!!) however.
Hopefully one of the experts here can put me right. I can't believe that Windows hosting security is so bad that no company can have a shared hosting product that avoids the aforementioned problems. What do you think?
Sep 10, 2007
MySQL 5.0 supports stored procedures -- but is it safe to allow shared hosting customers to have privileges to create them? If the procedures are global, does that mean that:
a) one customer could write a procedure which accessed another customer's data?
b) any customer could call a procedure created by a different customer?
c) any customer could override an existing mysql function in a way that would affect other customers?
d) any customer could write a function that bound to a system library and crash the entire server instance?
Feb 27, 2009
My information:
I have my photography site (sfxphoto.com) currently being hosted as my main site (site contents are located inside of the publichtml folder). I also have my photo retouching site (elite-retouch.com) being hosted as a sub-domain under the main site (which has its own folder inside of the publichtml folder). I'm being hosted through InfluxHost on a Linux server.
My Dilemma:
For the photo retouching site, I want to be able to give my clients their OWN FTP access to a designated portion of the server.
So, let's say my client upload directory is "publichtml/eliteretouch.com/client_ftp". I then want to be able to make a folder for (we'll call him) client_a inside of the "/client_ftp" folder. So the full directory to THAT client's specific folder will be: "publichtml/eliteretouch.com/client_ftp/client_a"
How can I:
1) ...set their specific FTP to open to their directory only?
2) ...ensure that they cannot navigate to other folders on my server?
3) ...make it so that the login information doesn't carry the MAIN site name, but the sub-domain site name instead?
Mar 23, 2008
I am a web designer, and have been doing this for about 5 years now and have never encountered such a problem. I had a problem come up a few days ago where one of my clients got into an argument with the Mavrick Team web hosting and computer services company's owner regarding services. She has reported to me that he went into her email account, and has emailed her clients false information about her services after their heated discussion. She told him that she was going to press charges. He told her that he had harvested all of her clients' email addresses and will email them to her competitors if she does not back down. What can she do? I feel awkward as I am in the middle of it now. I was the one who referred her to Mavrick Team (aka as I host them) for web hosting services, and moved her site to their servers. This man has created such a big problem for this woman now. Her clients are doubting her services and he is blackmailing her. She does not owe him any monies. She has forwarded two of the emails that her clients forwarded to her, so I know she is not making this thing up. I advised her to move all of her emails to a personal email account, contact all of her clients to let them know that someone has access to their info, and I am helping her move her site. Who can she report them to?
Nov 18, 2007
My server is a linux based o
How I can check all the databases on my server to see which of the DBs are corrupted?
Apr 4, 2008
I run a web hosting company and one of my servers is a LAMP server running CentOS 5. A user of mine has a Joomla installation running to manage his website and he has run into the following problem that I am puzzled by.
When Joomla adds a component or module to itself, or when a user uses the Joomla upload functionality, Joomla will add the new files under the user name "apache". This makes sense as it is the apache service running PHP that is actually creating the files.
However, when he FTP's into the account to modify these files, he doesn't have the appropriate permissions to do so as he doesn't have a root level login, just permissions on his home directory which is the site. Any help would be much appreciated.
Also, does anyone know how to change the owner/group of a directory and all of its sub directories in Linux without changing the actual permissions? I.e. some of the files in the folder have different permissions (0644 as opposed to 0755) than its parent, but if I do a top down user/group change on the folder it will change everything in that folder to 0755.
May 20, 2009
My server load is high; I checked and everything seems OK.
I think my SATA disk cannot support my hard disk traffic.
Is it possible to check which file uses the most hard disk traffic? (rpm speed)
Nov 28, 2007
I am looking at a friend's VPS, which uses OpenVZ. It has 256MB RAM, but it always goes down, and the host asks my friend to upgrade to larger RAM. I have read that if the UBC setting is too low, the VPS cannot use all of its allocated RAM. I'm not sure if that's correct or not, but is there any way to check?
This is some info ...
Jun 21, 2007
I have it installed on the server, but sometimes it's dead, with no warning from the system. Emails then stop working. So I wonder if there is any way to check ClamAV, so that when it's not working the system sends an email to the admin?
Aug 9, 2008
Is there any method to check if all the memory on a server is working?
Apr 23, 2008
I have opened up ports 5151 and 123 via iptables. From outside the box, is there a way I can verify that these ports are open?
Mar 5, 2007
How can I figure out which functions are active on my server?
I have root access and the server is Linux.
I want to know whether the function "fsockopen" is open or not.
Jan 18, 2007
I'm on shared hosting (apache) and would like to closer inspect my log files. 2 questions I have at the moment.
1. Where can I typically find my log files for downloading?
2. Is there any good (free) software I can use locally (Windows desktop) that can manage these logs i.e. stats, searches etc? At the moment I mainly want to run a search on the log files.
Feb 13, 2008
Is there a way to track outgoing mail that's sent from a Linux server? I'm running on Fedora 8 now, and would like to confirm and check mail that's being sent out by a PHP application.
Aug 5, 2009
Searching G, I find these for running checks on blacklisted ips:
http://whatismyipaddress.com/staticp...ss-blacklisted
http://www.mxtoolbox.com/blacklists.aspx
Which both seem to be for blacklisted email servers. But what about checking if the IP has been blacklisted for other reasons (business practices, reports of complaint, adult sites, etc.)?
What is a decent check?
This is for checking on newly assigned dedicated IPs (or other) before applying them to domains on a new account.
Nov 21, 2008
Checking a domain for RBL listing
How can I check if my domain is listed in the RBL listing?
Apr 3, 2008
I'd like to look at what my HELO configuration is but don't know how or where to look.
I am using a dedicated Linux/cPanel server. I'd like to make sure the HELO is configured correctly. My mailing software is EXIM.
Mar 3, 2007
I have installed 3dm for checking 3ware 8086 card status, but when going to [url] it doesn't show anything. It seems it cannot connect to port 1080, even though I have turned off the firewall. I have already checked its config file to make sure the port is 1080.
Is there anyone having experience with 3dm software?