Many hacks are caused by out of date
or insecure software. Also if your webpages displaying virus, then We
would advise that you do the following to prevent this in the future:
As
this is an isolate incident with only your account (There isn't any
possibility to hack / Virus attack to the server) it is an issue within
your account that allowed access.
1) Clean all infected files in your account and remove any unknown/un-needed files. (It is better to Remove all files if possible)
2)
Change all passwords including cPanel, and FTP to STRONG Passwords (
https://www.microsoft.com/protect/fraud/passwords/checker.aspx )
3)
Scan your computer for viruses (Using uptodate Good virus guard) , some
exploits are caused by a virus on your computer getting your login and
uploading files. Also scan your PC for any spyware.
4)
Update all applications on your account and remove any insecure plugins
/ widgets (Some insecure widgets / plugins on WP / Joomla / Forums
.... )
*** We
strongly advice you to check your HTML page coding for any iFrame
(Normally bottom of the page) tags and if found remove those.
5) Finally you can
upload your fresh files to server account. Also remember you have to use
strong Passwords to All site software (Eg: open source / scripts...)
Find the strength of your password here >> https://www.microsoft.com/protect/fraud/passwords/checker.aspx
Tuesday, July 9, 2013
Hosting account has been compromised by a malicious intruder.
A compromised account
can create problems for all users on a shared web hosting platform, so
to protect our other customers, the account was suspended as soon as we
found out that it had been compromised and used for malicious
activities. Please understand that this suspension is not an accusation
that you are a hacker, a spammer, or otherwise engaged in illegal
conduct of any sort. We understand that our customers may at times be
victimized by such malicious attacks and ask that you understand why we
must act swiftly to protect all customers from being adversely impacted
by such an event.
Technically speaking, the vast majority of hosting account compromises occur in one of three ways:
1) The account has a weak password associated with it, or with a service (like a blog or an email account) within it. This weak password can be guessed or brute-forced by a malicious intruder or even a malicious automated process.
2) The account may be running old, outdated, or insecure web content software. This can also include plugins, extensions, or themes for such software which contain exploitable vulnerabilities.
3) A computer used to access the account may have a virus or malware which either allowed a malicious intruder to steal the account's password from that computer, or to perform hostile actions using that computer.
In order to ensure that all possible holes are closed and this problem doesn't occur again once you've removed the offending material, we suggest you take the following actions to strengthen possible security holes:
1) Any and all web content software needs to be updated to the latest versions. Further, any and all web content software should be checked for unpatched exploitable bugs to ensure that there are no issues with running it.
2) Any and all modules, plugins, addons, themes, and extensions for your web content software must be checked to ensure there are no unpatched exploitable bugs, and updated to the latest version.
3) To ensure that passwords are not stolen, you'll need to run a virus/malware scan on any and all computer systems used to access the account prior to changing the passwords.
4) Your passwords, including for any affected email accounts, any web content software accounts (especially admin users on blog, forum, and other such software) will need to be changed. The affected web hosting account passwords should be changed as well. Please choose strong passwords.
5) You'll also want to check the settings of any web content software you have installed to ensure that it does not allow unauthenticated or non-administrative users to send or generate email.
6) Check all email accounts, subdomains, addon domains, and parked domains in your cpanel account to ensure there are no erroneous entries.
7) Finally, you'll want to check the content of your hosting account to verify that there are no anomalous files or directories, that your .htaccess files are as they should be, and that the content of any dynamic scripts (such as php scripts) which are not part of a web content software package are as they should be.
Technically speaking, the vast majority of hosting account compromises occur in one of three ways:
1) The account has a weak password associated with it, or with a service (like a blog or an email account) within it. This weak password can be guessed or brute-forced by a malicious intruder or even a malicious automated process.
2) The account may be running old, outdated, or insecure web content software. This can also include plugins, extensions, or themes for such software which contain exploitable vulnerabilities.
3) A computer used to access the account may have a virus or malware which either allowed a malicious intruder to steal the account's password from that computer, or to perform hostile actions using that computer.
In order to ensure that all possible holes are closed and this problem doesn't occur again once you've removed the offending material, we suggest you take the following actions to strengthen possible security holes:
1) Any and all web content software needs to be updated to the latest versions. Further, any and all web content software should be checked for unpatched exploitable bugs to ensure that there are no issues with running it.
2) Any and all modules, plugins, addons, themes, and extensions for your web content software must be checked to ensure there are no unpatched exploitable bugs, and updated to the latest version.
3) To ensure that passwords are not stolen, you'll need to run a virus/malware scan on any and all computer systems used to access the account prior to changing the passwords.
4) Your passwords, including for any affected email accounts, any web content software accounts (especially admin users on blog, forum, and other such software) will need to be changed. The affected web hosting account passwords should be changed as well. Please choose strong passwords.
5) You'll also want to check the settings of any web content software you have installed to ensure that it does not allow unauthenticated or non-administrative users to send or generate email.
6) Check all email accounts, subdomains, addon domains, and parked domains in your cpanel account to ensure there are no erroneous entries.
7) Finally, you'll want to check the content of your hosting account to verify that there are no anomalous files or directories, that your .htaccess files are as they should be, and that the content of any dynamic scripts (such as php scripts) which are not part of a web content software package are as they should be.
Does SSL need dedicated IP ?
A SSL Certificate can only be assigned to a website with a unique IP address (Dedicated IP).
Create a strong passwords
Keys to password strength: length and complexity
An ideal password is long and has letters, punctuation, symbols, and numbers.
Common password pitfalls to avoid
Cyber criminals use sophisticated tools that can rapidly decipher passwords. Avoid creating passwords that use:
Check your Password Strenght here >> https://www.microsoft.com/security/pc-security/password-checker.aspx
Source : Microsoft.com
An ideal password is long and has letters, punctuation, symbols, and numbers.
- Whenever possible, use eight characters or more.
- Don't use the same password for everything. Cybercriminals steal passwords on websites with very little security, and then they try to use that same password and user name in more secure environments, such as banking websites.
- Change your passwords often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
- The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
- Use the entire keyboard, not just the letters and characters you use or see most often.
Common password pitfalls to avoid
Cyber criminals use sophisticated tools that can rapidly decipher passwords. Avoid creating passwords that use:
- Dictionary words in any language.
- Words spelled backwards, common misspellings, and abbreviations.
- Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information. Your name, birthday, driver's license, passport number, or similar information.
Check your Password Strenght here >> https://www.microsoft.com/security/pc-security/password-checker.aspx
Source : Microsoft.com
Password Refused When Trying To Access E-Mail
If you are trying to access your
e-mail and get the error saying your password is incorrect don't worry
as there is a simple solution.
1.Login to your CPanel
2.Click on Mail
3.Click on Add/Remove Accounts
4.Click Change Pass next to the account
5.Enter the password you wish to use (it can be the same as the original)
Your e-mail should now be working. This doesn't happen very often but for some reason passwords can get corrupt in CPanel.
1.Login to your CPanel
2.Click on Mail
3.Click on Add/Remove Accounts
4.Click Change Pass next to the account
5.Enter the password you wish to use (it can be the same as the original)
Your e-mail should now be working. This doesn't happen very often but for some reason passwords can get corrupt in CPanel.
Not Acceptable Error
If you receive the error Not
acceptable (406) that means you're causing mod_security to block your
websites request. To resolve this issue simply add the following to your
.htaccess file in public_html:
SecFilterEngine Off
That will disable mod_security and resolve the Not acceptable errors.
SecFilterEngine Off
That will disable mod_security and resolve the Not acceptable errors.
Error Log?
The error log contains all HTTP errors that occur when
visitors attempt to view your site, such as requested files not found,
etc. The Error Log tool is a presentation of the last 300 entries in
your error log. A central use of this tool is to locate suspicious
server activity, such as attempted virus attacks. Please contact your
hosting administrator if you have concerns about activity in your error
logs.
To check your error log:
1. Click on the Error Log link in the Web/FTP Stats area.
2. Browse the results.
To check your error log:
1. Click on the Error Log link in the Web/FTP Stats area.
2. Browse the results.
508 Resource Limit Is Reached
The error message "508 Resource Limit Is Reached"
appears when your account is constantly exceeding the resources
assigned to it - these can include CPU usage, RAM usage and/or the
number of concurrent processes running under your account.
We run the CloudLinux operating system on servers to better resource manage , and this allows us to isolate accounts in their own lightweight virtual environment with exact amount of resources allocated to each account. If you have resource heavy sites on your account then it's possible you are constantly reaching these limits and your account is being temporarily throttled to maintain server stability.
A resource usage spike every now and again is nothing to worry about and will cause minimum (if any) disruption to your account, but if you are facing constant issues then you should be looking at optimizing the code on your websites to use minimum resources, or upgrading to a VPS or dedicated server.
We run the CloudLinux operating system on servers to better resource manage , and this allows us to isolate accounts in their own lightweight virtual environment with exact amount of resources allocated to each account. If you have resource heavy sites on your account then it's possible you are constantly reaching these limits and your account is being temporarily throttled to maintain server stability.
A resource usage spike every now and again is nothing to worry about and will cause minimum (if any) disruption to your account, but if you are facing constant issues then you should be looking at optimizing the code on your websites to use minimum resources, or upgrading to a VPS or dedicated server.
500 Error
If your
site occurs a 500 Internal Server Error the most common are php
settings in your .htaccess file. They will typically look like this:
php_value "register_globals" "1"
To fix this simply create a file named php.ini in your public_html folder, and remove the lines from the .htaccess file and paste them in your php.ini file. Afterwards modify them to something similar as this:
register_globals = On
If this still does not fix your problem, check the permissions of your files and folders. On a PHPSuExec server you cannot have any files with 777 permissions.
For security reasons you should keep all folders at 755 and files at 644.
Some applications do require that a file to have greater permissions than 644, but make sure you change the permissions on that file only
php_value "register_globals" "1"
To fix this simply create a file named php.ini in your public_html folder, and remove the lines from the .htaccess file and paste them in your php.ini file. Afterwards modify them to something similar as this:
register_globals = On
If this still does not fix your problem, check the permissions of your files and folders. On a PHPSuExec server you cannot have any files with 777 permissions.
For security reasons you should keep all folders at 755 and files at 644.
Some applications do require that a file to have greater permissions than 644, but make sure you change the permissions on that file only
What is the mysql host name and connection?
Your MySQL host name is localhost
Create a Database , Database user on your cpanel. Then add database user with the MySQL database with required priviledges
You can use below format on your database connection script
Eg : If you create a Database as myclass and DB username as cladmin, ( we use webpanel as cpanel username In the following example. you need to replace your own cpanel username)
Create a Database , Database user on your cpanel. Then add database user with the MySQL database with required priviledges
You can use below format on your database connection script
Eg : If you create a Database as myclass and DB username as cladmin, ( we use webpanel as cpanel username In the following example. you need to replace your own cpanel username)
- My SQL server (Host) : localhost
- My SQL Database name : webpanel_myclass
- My SQL Username : webpanel_cladmin
- My SQL Password : *****YourPasswordHere****
Subscribe to:
Comments (Atom)