
Host Hacked

HostCliff

New Member
I see that a fellow web host, ThisWeekInWebHosting.com has been hacked by a group named TurkM4hdi.

Any ideas on how to prevent that from happening to any server? Basically, I know, install a firewall, enable cP Hulk, strengthen your passwords, etc.

What's your strategy?
 
Decent server management will harden your server, but you should always seek out tutorials, hints, etc. Do some research and always expect that something in your server can be improved.

Sad to hear, but this doesn't look good for them.
 
I think yes, because FreeWebHostingWorld owns PingHoster? And it's not just a coincidence they all offer unlimited everything. :)
 
There was a hacking attempt made against my servers using a previously-unknown backdoor in UnrealIRCd. Fortunately it didn't completely work; the IRCd crashed and alerted people to the problem. Someone had inserted a trojan in Unreal3.2.8.1.tar.gz on almost all the mirrors starting around November 9th. This trojan opened a backdoor in the IRCd, giving an intruder shell access using the IRCd's permissions.

Lesson here: MD5sum or PGP everything before you install it to avoid tampered-with software packages.

Seems to be an increase in such activity in the past few days though.
 
Oh I see. That is right and justified then. :)

5GB is still a LOT of spam. Last spammer that got into my server managed to send ~400MB before getting caught. I estimate it was somewhere in the neighborhood of 40,000 messages that made it out.
 
Some security tips for you to prevent your site from being hacked when it is hosted on shared hosting:
1. Update your software and scripts regularly
2. Keep a look out for 3rd party scripts and code
3. Use strong passwords for hosting account, cPanel and FTP
4. Power yourself with knowledge instead of blaming
5. Check your log files regularly
 
I see that a fellow web host, ThisWeekInWebHosting.com has been hacked by a group named TurkM4hdi.

Any ideas on how to prevent that from happening to any server? Basically, I know, install a firewall, enable cP Hulk, strengthen your passwords, etc.

What's your strategy?

If you use CSF you don't need cP Hulk. Also, as far as I know (and from what I have seen), it takes a lot of CPU resources, like ClamAV, but anyway if you want to give security...
 
No server is 100% hack proof, and there will always be new ways to hack a server. All you can do is make sure you follow or learn all basic and advanced security procedures, and if your server does come under attack then just learn from it and make sure it cannot be done again.

Also, not to be rude, but really anyone who doesn't know how to keep their servers secure should not really be running a hosting company.
 
No server is 100% hack proof, and there will always be new ways to hack a server. All you can do is make sure you follow or learn all basic and advanced security procedures, and if your server does come under attack then just learn from it and make sure it cannot be done again.

Also, not to be rude, but really anyone who doesn't know how to keep their servers secure should not really be running a hosting company.

You are right, I agree.

However, in most cases it is an individual failure. I think that technologies are safe enough nowadays, and only a 0-day could be seriously dangerous for a server; if you have your software updated, then you should have no problems.

I think in most cases it is human error: anyone may have stolen the access cookies, or it may be a failure of a web browser, or simply not logging in in a safe manner. It may also be at the level of a single script, which is not extremely serious; in any case it is a big responsibility.
 
CSF uses less RAM than ClamAV does. And it's the best! It has saved me many times from DDoS attacks.
 
Csf

Agreed, CSF is the way to go. It's scary how often we get emails like this from CSF:


Failures: 5 (sshd)
Interval: 300 seconds
Blocked: Permanent Block
Log entries:
Jul 10 11:21:24 the sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.xxx.xxx.xxx user=root
Jul 10 11:21:26 the sshd[3478]: Failed password for root from xxx.xxx.xxx.xxx port 45756 ssh2

But hey, at least it means it's protecting us

--------------------------------
TheHostGenie.com
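
The threshold behind an alert like the one quoted above (5 sshd failures within 300 seconds) can be reproduced with a sliding window per source IP. This is an added example, not part of the original post and not CSF's own code; the log lines are constructed, the IPs come from documentation ranges, and the host name `host1` and the `year` parameter are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Thresholds from the quoted alert: 5 sshd failures within 300 seconds.
MAX_FAILURES, INTERVAL_SECONDS = 5, 300

# Only "Failed password" lines count; the pam_unix line logged for the same
# attempt is skipped so one bad login is not counted twice.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+")

def find_offenders(lines, max_failures=MAX_FAILURES,
                   interval=INTERVAL_SECONDS, year=2000):
    """Return {ip: time of the failure that crossed the threshold}.

    Syslog timestamps carry no year, so `year` is an assumed parameter.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    offenders = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m or m["ip"] in offenders:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Slide the window: forget failures older than `interval` seconds.
        while (ts - window[0]).total_seconds() > interval:
            window.popleft()
        if len(window) >= max_failures:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample log (documentation IP ranges, hypothetical host "host1").
SLOW = [f"Jul 10 10:{m:02d}:00 host1 sshd[2100]: Failed password for root "
        f"from 198.51.100.23 port 40000 ssh2" for m in (0, 6, 12, 18, 24)]
FAST = ["Jul 10 11:21:24 host1 sshd[3478]: pam_unix(sshd:auth): authentication "
        "failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7 user=root"]
FAST += [f"Jul 10 11:21:{s} host1 sshd[3478]: Failed password for root "
         f"from 203.0.113.7 port 45756 ssh2" for s in (26, 31, 35, 40, 44)]
SAMPLE_LOG = SLOW + FAST

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip}: {MAX_FAILURES} failures by {when:%b %d %H:%M:%S}")
```

The slow source makes the same number of attempts but never five inside one window, so only the burst is flagged.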
 