Avoiding Hackers on my VPS !!!

[Ajay-HostIN]

Dear All,

I made up scans of WHM and did almost everything that can help in getting out of this scaneo. Today a customer called me saying that their account is been hacked. I checked the Bugs that appears with the caption "Hacked by Asparux". After reviewing, meeting some php scripts and now I'm studying to see which was the way they accessed the account. If anyone knows how to prevent these attacks, 'll be very grateful. Greetings to all..

 

[wh-coach]

Almost impossible to avoid them entirely. Poor permissions + poor code = hacked. Maybe you can jail the users somehow? That won't stop sites from being hacked but it will possibly contain the damage to just the jailed environment. Looks like CPanel has added some features to help but I haven't used CPanel much in the last while so maybe somebody else can help out.

 

[dwhs]

Yeah VPS is risky. Shared and cloud hosting is a little more secure. I wouldn't get VPS unless you are a system admin.

 

[King-Servers]

Most of the time, server is hacked just because of poor scripting or weak password, you should optimize script every week and keep a very strong password for control panel and databases and not share it with anyone.

 

[easyhostmedia]

You can secure your server with the best protection, but users sites can still get hacked if they use weak passwords or outdated scripts.

we had a few wordpress clients who had their sites compromised yes server secure, due to outdated scripts and then when we looked at the outdated scripts list we found some still using version 3.5 and it is now 4.1, so gave all clients notice to update within 7 days or sites with outdated scripts would be suspended and charged to be unsuspended, some updates and some never until sites were suspended and this got their attention

 

[RH-Calvin]

I would suggest to keep the firewall up always and keep changing your password very often to avoid any unwanted entries on your server.

 

[24x7server]

Hi,

Making a webserver hack proof is a big tough. You cannot get it 100% tough, but at least you can make it tougher for the hackers to sneak in.

1. Analyze what is the server.
2. What is their in the web contents.
3. Harden the PHP, so attacker find it tough to sneak in.
4. Get the applications updated on the server.
5. Check the logs regularly.
6. Mod_Security does very good job against URL injections.
7. Get a maldet scan initiated weekly. You can integrate this with modsecrity too to get active scanning.
8. Avoid giving shell access to anyone on the server.

A lot more in this section to be discussed about. Surely, we will get some more reviews from the experts in this forum to share their experience on this.

 

[ughosting]

It really doesn't matter how you harden the server unless your code is also hardened and kept up to date.

You don't say which scripts you are running which get hacked.

Wordpress perhaps?

 

[Alex - A2 Hosting]

Yeah VPS is risky. Shared and cloud hosting is a little more secure. I wouldn't get VPS unless you are a system admin.

Huh? A VPS can be as secure or more secure than a poorly setup shared environment and vice versa.

@OP: We can't really help you in preventing a future attack unless you know how this one occurred. If you're able to investigate and find out how this attacked occurred please do share the details as we may be able to give you some tips on how to prevent it in future.

Just note, there will always be new vulnerabilities discovered be it in the clients software or the software on the server which is why regular maintenance is very important. You need to be on top.

 

[SLogix-Brian]

Have you tried Wordpress?

 

[Bullten]

Why dont you try a web application firewall so that it can take load of weak codes. http://blog.bullten.com/installing-free-comodo-mod_security-rules-cwf/

 

[NickM]

You could always send reminder emails out etc to your clients, asking them to change passwords on their VPS's every now and then. Or you could simply make them required to change the password every 2 weeks or month or something. Then I'd change the required length and the required sophistication of the password.

That alone can help reduce hacking 60%+.

 

[HostLeet]

A compromised/hacked website and a compromised/hacked server are two entirely different things.

 

[ANMMark]

As HostLeet said, a hacked site and a hacked server are vastly different. If the site is hacked, it is primarily isolated. If the server is hacked you'll have some bigger issues, because all sites on the server are then vulnerable.

The two favorite methods of hacking are sql injection and remote file inclusion. Both of these methods generally rely on poor coding practices. For sql injection, the hacker relies on a coder not handling script errors and data entry points properly. Remote file inclusion can happen in a multitude of ways and the file being included can perform a plethora of malicious functions.

There are solutions.

Hopefully this doesn't come off as advertising since I'll be offering it to you free; However, if you need help, don't hesitate to ask. While I cannot offer any of our premium services for free, I can offer the testing for free and maybe help you narrow down where you vulnerability is.

 

[vegas]

Whats up first you didnt share the characteristics of your server,truly dont know where you are mounted at,but you say it was your client the one hacked so its basically his faultnot yours.
Im hearing gossip of guys stating ur client was on a vps and that is not true,your client was on a shared hosting platform provided by you and maybe the problem is within cpanel ,I mean they are so popular men have you tried using other panels?,well at least if you are true profesional you should try more than one.

 

[HostZealot]

We actually never experienced VPS hacks - either because our clients are smart or because our admins know their job.

Yet our shared web hosting customers face this quite often - mostly because they use outdated WP themes that have more holes than a piece of cheese. We try to warn them of danger and deal with requests swiftly - yet a website on shared hosting being hacked is quite a common case.

 

[munchhost]

When it comes to VPSes, a change in the SSH port and having a strong password is essentials. Previously, one of my VPS got hacked too due to the weak password I was using.

 

[vegas]

How many characters do you recommend as a strong password for a vps?,can you provide an example too?

 

[HostZealot]

I use 16-symbol passwords with numbers and special symbols. Just click your keyboard mindlessly and not a single software will be able to crack it.

 

[LarsJ]

It's amazing and scary how simple clients make their passwords...