Our web site has been hacked many time over the last few months. The hacker only puts links to other site in our html code. We changed the FTP password many time but we are still finding malicious code in our main index page and other pages on the site.
We can figure how and from where they are coming in and how prevent further hacks.
Just wanted to share my experiences with you once again. There are a select number of companies on this planet that really seem to go out of the way to be obnoxiously bad at their jobs. Comcast, AIG, United Airlines - the familiar litany. Well, my experience with online hosting would put Network Solutions right up there with those in competition for the title 'Worst Company in America.'
Here's the current problem. Yesterday, May 14, 2009, at about 6:00AM, one of my users reported that my site had come up with a malware/virus alert on his computer. This was odd, as I am not a malware host. Further, my work computer had been infected the day before, though I had only visited reputable news sites; and my own site.
Lo and behold, upon investigation I found that my site had been hacked to carry the FakeAlert-CL trojan, which had the effect of causing my computer to pretend it had been badly hacked to get me to buy some spurious anti-virus software. Essentially, buying "protection" in the Mafia sense.
Luckily for me, this is not my first rodeo with Network Solutions' laughable excuse for security. This exact same thing had happened 18 months or so ago. I realized then that a worm had infected NS's shared hosting servers, and had changed every file with "index" anywhere in the title to include an < iframe > tag linking to a malware site (from which the computer would be infected).
So here's my workaround. I downloaded and repaired the three index files which control my site. I then deleted the infected files, and re-uploaded clean ones. Being prudent, and having experience with this, I also uploaded *backup* copies with different file names. This proved wise. NS has now been hacked 3 times in the last 18 hours in the exact same way. Each time I get hacked again, I simply delete the infected 'index' file and rename my backup to replace it, then upload a new backup for later use.
Some notes: this has affected my entire Movable Type system by corrupting the templates. However, it attacks only the base index.php file; if you simply fix that one file, then rebuild your Movable Type database, the offending code snippet will be removed. Secondarily, some sections of my site (my bulletin board, for instance) do not have 'index' in the title of their operative files. If I could remove every index file from my site and rename them, I would, but unfortunately too many of the components are hard-wired for that name. Finally, I tried CHMODing the index files to 444, which should have prevented even an Administrator from overwriting or changing them, but it had no effect.
So, back to NS. I contacted a person from NS' marketing department (who contacted me after I posted a previous complaint on this board) and let him know that I had been hacked. He told me he was referring me to "third level support" (meaning what? they speak better English?). I have since been hacked twice more, and have emailed this same PR guy both times. The last time I asked for a phone call; no shock, I have not yet heard back. Maybe this post will prompt a response.
At any rate, to those of you experiencing this with Network Solutions, hopefully my solution will help you. To those of you considering a hosting provider, DO NOT CHOOSE NETWORK SOLUTIONS.
In both cases a hacker created email accounts (through cpanel?) and then sent out spam through the webmail system. I don't see on the log where they accessed the cpanel, so I'm thinking they may have done it on another day, or they may have done it using some remote script.
Here's what the log looks like.
83.138.172.72 - - [06/Feb/2008:04:52:56 -0600] "GET /webmail HTTP/1.0" 301 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Crazy Browser 3.0.0 Beta2)"
82.128.5.177 - - [06/Feb/2008:05:52:14 -0600] "GET /webmail HTTP/1.1" 301 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Crazy Browser 2.0.1)" ...
how many visitors bear a shared hosting account, Because if visitor grow it goes down..
View 20 Replies View RelatedI currently use a HostGator shared plan which caps off database connections at 25. HG support said my only choice is to move to a dedicated server which means my monthly hosting cost jumps from $14.95 to $174.00! Something I'm not too excited about paying.
Can anyone offer any suggestions on Virtual Private Servers running *nix? Would a VPS be a good alternative to an expensive HG dedicated server or do you recommend I just suck it up and go dedicated? I just can't believe how much they want considering I've seen some VPS for under $100. If I did go with a VPS, would there be an easy way to move all my files, databases, SSL certs, etc to the new server?
I'd like your feedback on what you would consider being the perfect shared hosting account.
What features would be valuable for you, which wouldn’t?
Any features not listed?
If you had to put together the perfect feature set for a shared hosting account, how would you do it?
I am having issues with spy hosting. I signed up for a shared hosting account on Saturday the setup was fast but DNS will not resolve my domains. I get this error when doing a DNS Traversal
ns9.dnscloud.com [66.249.19.217][Broken DNS server: Reports a server failure]91ms
ns10.dnscloud.com [66.249.19.218][Broken DNS server: Reports a server failure]92ms
What is this?
I made a ticket and NO REPLY AS OF YET!
What is going on spy. Has spy gone bad i though they use to be legit?
I ideally want to use Fasthosts as the hosting provider, on a shared hosting account. Are there any CMS's that install and work well in such an environment?
I dont need a CMS with bells and whistles, just one that is template driven, and has 'friendly' URLs.
How many wordpress blogs can be hosted on a Hostgator Business Shared hosting or MediaTemple Grid-Service hosting account?
Also which one of the two is better hosting?
im running a few blogs on a shared hosting account (steadfast) and i noticed the 18 sql queries being generated by a fresh install of wordpress 2.7 are taking 0.246 seconds to execute.
<!-- 18 queries. 0.246 seconds. -->
considering this is a shared hosting server with over 800+ more domains on it, is the performance better or worse when compared to other shared hosting providers ?
archim3des
My business is on the other side of the world and peak time starts at midnight in America time. I am planning to buy 100Mbps shared servers with FDCServers. I am wondering if the time of the day makes a huge difference for a shared 100Mbps line.
View 1 Replies View RelatedDomain abc.com hosted on my server
I fount out that domain def.com is identical to abc.com (ie: same content, same code etc...) but it is NOT hosted on my server
However both domain point to the same IP which is on my server
How is it even possible? was the account/server compromised?
I bought a VPS package hosted at Hosting-IE from someone I knew, since they were not going to be able to use it. Its a linux VPS, and it's done me well. Based on that I decided to purchase my own package, a Windows VPS.
After payment, I messaged support about a broken auto response email they sent out, then asked how long server setup time should be. They responded 1-2 working days. Fine.
Well, its been 7 days since then. I'm 1/4 of the way through the month I've paid for, and still no VPS. I messaged them back asking for my server or a refund, no responses since then.
My previous host set up my dedicated box within a working day, and that involved setting up the hardware too. Over a week for a VPS is too long.
Is my experience with Hosting-IE abnormal or should I be demanding my loot back? Is there any other VPS provider out there that can offer me similar stats at the same price as Hosting-IE?
for a simple package setup, this has gone on for far too long.
I normally hang out in the web design area, so it there is a related thread, please point me there.
I have been hosting a very small site with, what I thought, was a respectable local company. This morning I went to my home page and guess what - my friendly neighbourhood hacker paid me a visit. Gone (commented out) is my home page content, replaced with the following text:
I would like to report that your site is highly compromisable. Please review your hosts security settings. I would recommend changing though, they are a piece of ****.
(I have not deleted anything. the original page is commented out but is still located in this file.)
This security message has been brought to you by Scorpian & AV.
How do I deal with this? If I get no response from my current hosting company on how someone got hold of my ftp password, I want to move my site, but how do I know the next company has better security measures? And what should these security measures include? Any tick lists out there for testing domain host's security?
A community website with a forum(phpbb3), not more than 2000 users, less than 50 posts per day and less than 50 users online at the same time, will be ok to host under a shared account?
If the bandwith is lower than the limit, is it possible to use many resources and get susbended?
I have an account on an older server. Its plesk.
But now that I pointed the domain I can no longer access the old server from the web.
So this is my shared ip:
66.235.201.136
Now there are about 10 domains on the IP.
what would my URL look like to access one of those accounts in plesk in the browser?
66.235.201.136/~rgratitu
I've tried the above and it doesn't work.
i need mssql2005 account with 1 database only with access from my management studio express to your mssql server ip only. no webhosting needed. database size <=200 Mb. Aproximately bandwidth <=10Gb/mo.
MSSQL2005 server must be hosted on ThePlanet.
Or at least suggest me any company using ThaPlanet Hosting who selling shared mssql2005 hosting.
I have a dedicated server with SSH ability and I need to backup some of the accounts of the server via rsync to a normal shared account where I only have ftp access..?
View 14 Replies View RelatedThis is my first time with shared hosting and I went with hostgator because they are well known. Well, my site is getting decent traffic but well within my disk space and data transfer allotment, and I get this email saying my site has been suspended and my site is inaccessible.
Dear customer,
Due to an excessive amount of Apache requests on our gatorXXX server we have been forced to suspend the directory /home/username/public_html/sitename at this time as all other users on the server are experiencing issues due to this :
...http requests list...
Please let us know when you're ready to investigate and address this issue so we can work with you further. Thanks.
Sincerely,
Ford Merrill
Systems Administrator Supervisor
HostGator.com LLC
Is this what most shared hosts do? Just suspend your account once your site starts getting traffic?
whenever I open a new account in Cpanel it assigns a new IP to the new host. I want to know how I can change the cpanel settings to assigns a shared IP to the new host.
View 7 Replies View Relatedhow do i make a vps as a backup server for my shared cpanel account on another host.
View 1 Replies View RelatedI'm trying to find at least three web hosting companies to choose from to host a Joomla websites on a shared server. Would consider dedicated if the deal was right. I have a friend of mine who wants to create a church website, and is looking for the best deal. I use Netfirms which I have never had an issue with, but I didn't want to be bias, and would like give him other options to choose from.
Is there a good WebHosting Review site, I could check out, or maybe someone could recommend their top three. I reading threw the forums here and I noticed there are not that many complaints with Hostgator. Again, I just want to see if there was anything out there better.
This question gets asked a lot in our Helpdesk and I figured I would post our knowledgebase article here to help anyone else wondering the Pros and Cons of Unlimited Domain Shared Hosting vs. Reseller Hosting. If anyone has anything else to add, I appreciate any feedback on how we can improve our KB article.
----------------------------------------------------------------------
Given the present state of shared hosting, many clients may ask "Why would I need a Reseller account if I can host unlimited Addon and Parked domains within a single shared hosting account?". There is certainly enough Disk Space and Bandwidth provided in many of today's hosting packages, so why bother to purchase a Reseller account?
Many don't realize the drawbacks of hosting large numbers of domains within a single hosting account until they've already packed tens of them onto a single package.
So how do you know whether a Reseller account or Shared Hosting account is right for you? The answer is in how you plan to provide access to others and how "mission-critical" the sites are. You should consider the following factors when deciding on hosting a large number of domains:
1. Who will be managing these sites?
2. How important is site security between sites?
3. Will these domains need dedicated SSLs?
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
In a nutshell, Reseller plans are for those who wish to host websites for other sub-clients and a shared hosting package is for a single individual managing multiple personal domains. We'll go over the 4 points above in greater detail.
1. Who will be managing these site?
If you personally own multiple domains and wish to host them within the same hosting space, you can easily do so with an Addon or Parked domain. An addon domain will allow you to host a new domain within a subdirectory of your hosting space. A parked domain will allow you to have multiple domain names point to the same content. Since addon domains reside within the same user space as your main domain, you can manage all of your domains with a single login. You can see the problem if you want to provide another user with access. Since all accounts are managed with a single set of login credentials, if you give another user access to their addon domain you are also giving them access to your main domain. If you have vital information stored on your main domain and you are hosting another domain as an addon domain for someone else, you cannot provide them access to their hosting without compromising the integrity of your main domain.
When hosting sites as a Reseller, your clients in turn will want access to their account and will want exclusive rights to their disk space and server resources. With a Reseller account, each sub-account you create gets its own username, password, and isolated user space on the server. Individual clients of yours have access to their user space and their user space alone. In addition to the isolation with regards to access concerns, each account also gets their own cPanel access. All of the same great features that you use to manage your sites can also be given to your clients. Next time client Y wants to add an email account, you don't have to do it for them for fear of giving them access to your cPanel, you can simply give them their login details and they can manage their own email accounts.
2. How important is site security between sites?
This is along the same lines as point 1. This is not necessarily related to who you are hosting for, but what content you are hosting. Imagine that you are a webmaster and you are hosting your own personal site-in-a-box community forums (such as PHPBB or vBulliten) on your main domain and a company website for a paying client on an addon domain. It is not uncommon for popular scripts to have security flaws in older versions. Script authors will often update security flaws in later versions of their software. For this reason, it is very important to keep scripts up to date on your site. But let's assume you forget to update your scripts for a couple of months and an unscrupulous individual takes advantage of a well known security hole. Using this exploit, they gain access to your forums and any subdirectories. Since you are hosting another domain as an addon, they now have access to this domain's content as well. A site defacement on this company's site may not bode well for you when they are considering you for web master services in the future.
If these two domains had been separate into two individual users (i.e. two subaccounts created through a Reseller), their content would've been inherently isolated server side by Linux's user management. Sure, your forums still would've been affected by the security hole, but the break-in would've been isolated to your site alone.
Going back to our example, let's say that instead of a corporate website as an addon domain you are hosting an image gallery site for all of your cats. In this case, it may not be a big deal if a compromise in your main domain spreads to your addon domain. After all, they are both owned by you and you're only losing some time and effort to restore these sites from your local backups (which I'm sure you've actively maintained ). But then again, you are losing time and time is money. If these sites had been separated into individual users, again, you'd only have to restore one site's content.
The idea here is isolation. Reseller plans provide you with the peace of mind to know that if one of your users doesn't keep up with their site's content as actively as they should, their actions won't negatively impact the content hosted on other domains. If you and those you host in your addons are diligent webmasters, maybe this point won't have much bearing on your decision. Only you can say for sure.
3. Will these domains need SSLs?
As of this writing, SSL certificates must have a dedicated IP address to be installed. If you are hosting multiple domains on the same shared hosting package, you can still install an SSL (or purchase a dedicated IP address and install one) but you are limited to exactly one SSL on your account. If you are hosting multiple domains on the same package (and consequently the same IP), you must choose which domains gets to have the dedicated SSL.
Sub accounts of Resellers can each be placed onto separate IP addresses and, as a result, can each have their own dedicated SSL installed.
Of course, both shared accounts and Resellers' sub accounts can use the server's shared SSL free of charge. However, some clients prefer to see their domain in the URL bar when they visit https.
4. How resource intensive will these sites be (RAM, CPU, MySQL)?
We've already established that disk space and bandwidth will be no problem. But what about CPU, RAM, and MySQL resources?
It's important to be aware of the resource needs of your website. As administrators, we have to make sure all users "play nice" on the server. We can't have user X eating all of the CPU cycles computing pi to the trillionth decimal place while you are trying to serve web pages to your loyal visitors. We have to monitor the actions of all of our users and in the event someone is stepping beyond the bounds of acceptable resource consumption, we have to take action. In most cases, this entails disabling the abusive script, but in extreme cases we have to suspend the abusive user account to prevent other domains from encountering performance degradation on their sites.
If you are hosting 100 domains as addon domains, all serving nothing but static HTML pages, maybe you will stay off the radar.
But considering most sites are more complicated than static HTML, you may want to be aware of how many sites you host as addons and what content they serve. If you're hosting the latest and greatest Joomla modules, with up to date news feeds, integrated forums modules, polls, blog posts, etc your site can certainly require a degree of CPU to serve your pages. Now imagine you have 5 or 10 of these sites all hosted as addon domains. The resources these sites need to generate their content can quickly add up and before you know it you've got a friendly email from Acenet, Inc. in your inbox wondering why your user is consuming 2 of the 8 CPU cores on the server. That may be an exaggeration, but you get the idea. In the event your resource usage becomes so excessive that we have to suspend your user, now all of your sites are down instead of whichever one may be the direct cause of the spike in CPU, RAM, or MySQL consumption.
If each of these had been separate Reseller accounts, the offending account could've been suspended temporarily while we work through the cause, leaving the rest of your domains live and kicking.
The conclusion here is that you need to be aware of the needs of your sites in a general sense. Hosting unlimited domains within a shared hosting space is certainly a nice feature. For those webmasters who have multiple presences on the web, it's very convenient to be able to manage all of their personal domains from a single control panel. For those entrepreneurs who are hosting multiple domains for other individuals, the features and security associated with a Reseller plan and the inherent isolation of Linux users is a must have.
----------------------------------------------------------------------
I'have a problem with my aps setup on sanbox.When i create on customer ccp when i click finish i have this error. I must only test.
Error: Instance of application with id 124 and version '1-4' can not be provided: There is no resource of class 'Shared hosting Apache' with provisioning attributes 'Web Cluster' in subscription with id 1.:There is no resource of class 'Physical hosting (IIS)' with provisioning attributes 'Web Cluster' in subscription with id 1..If i add the shared hosting apache resourse i get this error : There are no "apache" services that satisfy given attributes: "Web Cluster".
I am developing a website for a client of mine (the client is a close friend and know's that he is getting a newbie). This site will be larger (project wise) than anything that I have ever done (everything I have done in the past has been FrontPage). We will be using several third party applications that need to run on the server as well as our own custom developed applications. We do not yet know how much access to the server's deeper structures we will need for all of the applications that we want loaded on our server to run. Things we have in mind: oscommerce, mysql, php5, apache, linux, vbulletin, blogger, phpbb, adserver, ect... Would these things run ok on a shared host and would I have full authority to configure them without needing full access to the server? Or will I need access to the entire server (dedicated server) in order to have full customization capabilities? I guess all I am trying to figure out at this point is will shared hosting for a large project limit our abilities to use 3rd party apps, or do most 3rd party application designers build their stuff to work in a shared hosting environment anyway? If we need to get a dedicated server we will, but if we can get away with shared hosting for a while (especially during development when the site will not be generating revenue) it would be nice to avoid the price of a dedicated server. Many thanks for your comments, insight, and expertise! Also, if anyone can sight some common scenarios that may require a dedicated server over a shared hosting plan, that may help me to understand what the limitations of a shared hosting plan vs. a deicated or virtual dedicated server are.
View 2 Replies View RelatedHere is my dilemma, thanks to a thread in these forums I was directed to a hosting website called pc-core.net and I was interested in using them, because it does not appear that they oversell at all. My question is regarding the fact that they have the shared hosting for $12/month with ~5gb of disk space and 50gb of transfer. I then just looked at reseller hosting for the heck of it, and noticed i could get a reseller hosting account with 45gb storage and 450gb of bandwidth for $10/month. Even though I wont be selling hosting, or anything like that, can I use a reseller hosting account like a normal shared hosting account?...just with more space and bandwidth?
View 3 Replies View RelatedI'm new to the VPS scene, so could someone tell me the difference between VPS and say shared hosting or dedicated hosting? Actually I really like to know what a Virtual Private Server actually is.. I know shared hosting is typically a single account on a server with several hundred other accounts which is used primarily for the sole purpose of hosting websites, and I know that dedicated hosting is functionally the same as colo except that you rent the server, instead of having your own purchased server plugged into some network. So what is VPS?
View 3 Replies View RelatedDo website builders generally go with shared hosting or dedicated server? I mean, if they work on several websites would they get a dedicated server instead of shared? From what I understand through reading shared hosting is basically if you only have one website. So one with multiple websites would go with a dedicated server?
View 12 Replies View RelatedI would like to know the different between the shared hosting and reseller hosting?
View 7 Replies View Related
