Although we host your website, we are unable to manage security of your content. We have multiple safeguards in place to prevent our servers from being hacked, including prevention against brute force attacks and tight security on user accounts. The actual vulnerabilities a hacker uses to gain access to your home directory or public_html folder are often located in the scripts themselves. For this reason, we provide updates through Fantistco as they are made available, and also offer courtesy server backups and a backup utility in cPanel, which you can use to take partial or full snapshots of your account whenever you feel a need.
As to which script was exploited to allow access to your account, we would be uncertain what was used, as most exploits use standard pages in your account with unusually formed requests to inject their own content to your site. There are multiple resources online to help you identify the cause, and we would suggest starting with the authors of the software you are running, to see if there are known exploits or updates that the vendor is aware of.
Increasing Site Security:
The following check list is a good collection of security tips offered for review to make sure your web site is as secure as possible.
By design our servers are secure. The security level of your site depends on the code that is uploaded to JustHost's Servers.
1) Remove malicious files and/or files you are not familiar with.
While many PHP applications generate files you may not be familiar with, it is important to watch for files or directories that may sound suspicious such as 'wellsfargo' or 'abbybank'.
Check your scripts for any Header Injection attacks, Sql Injection attacks, Cross-Site Scripting attacks, etc., as well as your php.ini file settings
2) Update all scripts/applications to the newest versions available.
Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you are running the most secure option available. If you installed these applications using Fantistco, automatic updates are available by clicking the 'Update Now' button. For installations done with Fantastico, the main Fantastico screen will show a link on the right-hand side of the screen with the available versions you can upgrade to.
3) Update all plugins to the newest versions available.
Just because your applications have been updated doesn't mean the plugins you use have been also. Popular plugins for Wordpress, Joomla, Drupal, etc are created for specific application versions. When updating your applications, make sure the plugins you're using are also certified to work with the newest version of your software.
4) Delete any databases/applications from your account that are no longer in use.
Each databases/application you have installed on your account is another possible point of entry for attackers. By removing applications/databases that are no longer used, you will be eliminating the potential for those outdated scripts to be exploited.
5) Fix dangerously writeable permissions.
Most website files should be set at 644, and folders should be set to 755. This can be adjusted in an FTP client or by manually changing it in the Control Panel File Manager by selecting the file, and clicking on the icon at the top of the screen that says, 'Change Permissions'.
6) Hide your configuration files.
Moving your config.php and other files containing passwords to a secure directory outside of the 'public_html' folder will make them inaccessible to general web surfing.
7) Tweak your php.ini file.
The 'php.ini' file on your account is file that adjusts how PHP behaves on your account. By adjusting the properties of this file, you can greatly increase aspects of your security. This file is generally located in your 'public_html' directory. If you're unable to see this file, you may need to manually generate one. You can manually generate one by logging into your Control Panel and clicking the 'PHP Config' icon located in the section called 'Software/Services'. You'd then click the button that says, 'Install Master PHP.ini File'. This will install a file in your 'public_html' directory called 'php.ini.default'. To make this file active, you will then need to rename it to 'php.ini'.
Tweak 1 - Set 'register_globals' to Off.
Tweak 2 - Set 'display_error' to Off.
8) Connect to your account using a secure network.
If you're connecting to the internet using a wireless connection, make sure the wireless network is using a method of security such as WPA or WEP encryption.
9) Make sure your local computer is secure.
One of the biggest security holes in Internet site security is accessing your site from an insecure computer. Viruses, malware and keyloggers can be installed on your computer covertly and can be used to obtain your username/password credentials or to infect your website files themselves. Practice good at-home computer security by regularly running a reliable anti-virus/spyware scanner.
10) Review Site Usernames
If your site Admin Username is "Admin" change it to something unique. (For xample, Admin is the default username in Wordpress any many other software tools)
11) Review FTP Accounts
Delete all non-system Ftp Accounts that were created, or at the very least, change the passwords to the FTP Accounts
12) Review any Access Hosts
Remove any 'Remote Mysql' access by clicking the "Remote Mysql" icon and clicking the Remove Red X by each entry if there are any entries.
Here are a few high-quality, free applications that can help you maintain a safe, healthy computer.
Windows:
PC Tools Anti-Virus
Ad-Aware Anti-Malware
ClamWin
Mac
PC Tools iAntiVirus
ClamXav
Linux
avast! Linux Home Edition
ClamAV
Helpful Resources:
Here are a few sites to assist you with securing your code. If you don't find these useful you can run a Google search for code security or HTML security.
Google.com - Webmaster Tools Help
TopBits.com - Finding Security Vulnerability
Google's FAQ for Phishing and Malware Protection
Fortify PPC Source Code
Security Tools
Wiki Code Injection
You can also check out SiteLock, add directly through your cpanel, ORhttp://wewatchyourwebsite.com. They both specialize in monitoring your site.
As to which script was exploited to allow access to your account, we would be uncertain what was used, as most exploits use standard pages in your account with unusually formed requests to inject their own content to your site. There are multiple resources online to help you identify the cause, and we would suggest starting with the authors of the software you are running, to see if there are known exploits or updates that the vendor is aware of.
Increasing Site Security:
The following check list is a good collection of security tips offered for review to make sure your web site is as secure as possible.
By design our servers are secure. The security level of your site depends on the code that is uploaded to JustHost's Servers.
1) Remove malicious files and/or files you are not familiar with.
While many PHP applications generate files you may not be familiar with, it is important to watch for files or directories that may sound suspicious such as 'wellsfargo' or 'abbybank'.
Check your scripts for any Header Injection attacks, Sql Injection attacks, Cross-Site Scripting attacks, etc., as well as your php.ini file settings
2) Update all scripts/applications to the newest versions available.
Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you are running the most secure option available. If you installed these applications using Fantistco, automatic updates are available by clicking the 'Update Now' button. For installations done with Fantastico, the main Fantastico screen will show a link on the right-hand side of the screen with the available versions you can upgrade to.
3) Update all plugins to the newest versions available.
Just because your applications have been updated doesn't mean the plugins you use have been also. Popular plugins for Wordpress, Joomla, Drupal, etc are created for specific application versions. When updating your applications, make sure the plugins you're using are also certified to work with the newest version of your software.
4) Delete any databases/applications from your account that are no longer in use.
Each databases/application you have installed on your account is another possible point of entry for attackers. By removing applications/databases that are no longer used, you will be eliminating the potential for those outdated scripts to be exploited.
5) Fix dangerously writeable permissions.
Most website files should be set at 644, and folders should be set to 755. This can be adjusted in an FTP client or by manually changing it in the Control Panel File Manager by selecting the file, and clicking on the icon at the top of the screen that says, 'Change Permissions'.
6) Hide your configuration files.
Moving your config.php and other files containing passwords to a secure directory outside of the 'public_html' folder will make them inaccessible to general web surfing.
7) Tweak your php.ini file.
The 'php.ini' file on your account is file that adjusts how PHP behaves on your account. By adjusting the properties of this file, you can greatly increase aspects of your security. This file is generally located in your 'public_html' directory. If you're unable to see this file, you may need to manually generate one. You can manually generate one by logging into your Control Panel and clicking the 'PHP Config' icon located in the section called 'Software/Services'. You'd then click the button that says, 'Install Master PHP.ini File'. This will install a file in your 'public_html' directory called 'php.ini.default'. To make this file active, you will then need to rename it to 'php.ini'.
Tweak 1 - Set 'register_globals' to Off.
Tweak 2 - Set 'display_error' to Off.
8) Connect to your account using a secure network.
If you're connecting to the internet using a wireless connection, make sure the wireless network is using a method of security such as WPA or WEP encryption.
9) Make sure your local computer is secure.
One of the biggest security holes in Internet site security is accessing your site from an insecure computer. Viruses, malware and keyloggers can be installed on your computer covertly and can be used to obtain your username/password credentials or to infect your website files themselves. Practice good at-home computer security by regularly running a reliable anti-virus/spyware scanner.
10) Review Site Usernames
If your site Admin Username is "Admin" change it to something unique. (For xample, Admin is the default username in Wordpress any many other software tools)
11) Review FTP Accounts
Delete all non-system Ftp Accounts that were created, or at the very least, change the passwords to the FTP Accounts
12) Review any Access Hosts
Remove any 'Remote Mysql' access by clicking the "Remote Mysql" icon and clicking the Remove Red X by each entry if there are any entries.
Here are a few high-quality, free applications that can help you maintain a safe, healthy computer.
Windows:
PC Tools Anti-Virus
Ad-Aware Anti-Malware
ClamWin
Mac
PC Tools iAntiVirus
ClamXav
Linux
avast! Linux Home Edition
ClamAV
Helpful Resources:
Here are a few sites to assist you with securing your code. If you don't find these useful you can run a Google search for code security or HTML security.
Google.com - Webmaster Tools Help
TopBits.com - Finding Security Vulnerability
Google's FAQ for Phishing and Malware Protection
Fortify PPC Source Code
Security Tools
Wiki Code Injection
You can also check out SiteLock, add directly through your cpanel, ORhttp://wewatchyourwebsite.com. They both specialize in monitoring your site.
No comments:
Post a Comment