Mera Hosting
New member
Yes, payment for administration, but informing them first if they want to. If they dont want to I give them the option to solve it them self within x amount of time.
After that suspend
After that suspend
Compromised account
- Thread starter webalternative
- Start date
Just had another one of these on Thursday. Honestly wasn't too bad though. My clients for whatever reason are never repeat offenders.
I am the one going in on the back end and cleaning it up (for free). I've never really minded it that much ... To me it is similar to doing the dishes ... it is a grounding experience.
Maybe I'm just weird though
that is completely possible.
How do most clients react when you charge them for their stuff getting hacked? I'm curious.
I am the one going in on the back end and cleaning it up (for free). I've never really minded it that much ... To me it is similar to doing the dishes ... it is a grounding experience.
Maybe I'm just weird though
that is completely possible.How do most clients react when you charge them for their stuff getting hacked? I'm curious.
easyhostmedia
Well-known member
they only get charged after many attempts to get them to clean up their account and end up me having to look over their account to try and clean up.
just think a hacker places a php file in their account then unless you know the timeline of when their account was hacked then how do you really know which files are added by client and which by hacker. normally clients are fine as they know it takes time and we dont offer a free service
Last edited:
easyhostmedia
Well-known member
I agree, but the hard work is getting them to change their passwords and update outdated scripts.
I just looked at our Softaculous on our main server and currently 32 sites using outdated scripts.
so apart from sending the clients the outdated script noticed, how do you get them to actually carry out the upgrades. Then it is these clients that will moan on that their sites have been hacked/compromised.
So if you do everything in your power to get them to change passwords and update scripts and they just ignore these, then if they do get compromised then why not charge then to fix the issue as they had many warnings and chances to carry out your instructions.
There are issues with forcing upgrades, as this can break customer sites if they are using old plugins, but there's the problem.
Unfortunately restoring a backup will put the site back into the vulnerable state it was prior to the compromise, so if your not willing to upgrade then your site will probably get hacked again.
We do try to get our customers to upgrade, but have now implemented an automatic patching system, which detects and patches vulnerable files, rather than forcing a script update.
So far this has been successful and we've seen fewer and fewer attacks hitting their targets, as the vulnerabilities have been sealed.
We basically send out emails like.
"We've found the following Vulnerabilities in your account.
List of files and issues
If you have not fixed them in 24 hours, we will patch them for you"
So we are saying you have a choice, you fix it, or we will.
I bet you can guess what most people opt for.
I suppose we are therefore trying to pre-empt the compromise, by hardening their software installations.
If customers don't want us to patch it, then they can look at it themselves, or even restore a backup in the R1Soft plugin, as we will have told them when we patched it.
Again though if vulnerabilities are put back, the system will repatch it.
This in our eyes is better than the suspend the customer after they are hacked. It's a little more pro-active.
Unfortunately restoring a backup will put the site back into the vulnerable state it was prior to the compromise, so if your not willing to upgrade then your site will probably get hacked again.
We do try to get our customers to upgrade, but have now implemented an automatic patching system, which detects and patches vulnerable files, rather than forcing a script update.
So far this has been successful and we've seen fewer and fewer attacks hitting their targets, as the vulnerabilities have been sealed.
We basically send out emails like.
"We've found the following Vulnerabilities in your account.
List of files and issues
If you have not fixed them in 24 hours, we will patch them for you"
So we are saying you have a choice, you fix it, or we will.
I bet you can guess what most people opt for.
I suppose we are therefore trying to pre-empt the compromise, by hardening their software installations.
If customers don't want us to patch it, then they can look at it themselves, or even restore a backup in the R1Soft plugin, as we will have told them when we patched it.
Again though if vulnerabilities are put back, the system will repatch it.
This in our eyes is better than the suspend the customer after they are hacked. It's a little more pro-active.
Last edited:
Prewebhost
Account Disabled
Well suppose to drop email to client including the info in detail along with the resolution steps and will ask for confirmation if client want us to perform the task on his/her behalf.
I know of a provider that will send out email regarding outdated installations (and if they ignore it, they have the rights to suspend it as they say it can affect other accounts).
I do not really agree on this, however if it got compromised, and they don't do anything to it, suspension may be possible.
So yes, guide them on what to do during such situation will be best, most of the time clients will cooperate.
I do not really agree on this, however if it got compromised, and they don't do anything to it, suspension may be possible.
So yes, guide them on what to do during such situation will be best, most of the time clients will cooperate.
easyhostmedia
Well-known member
yes because an outdated script is a risk as its not got the latest security patches etc, then main reason they get updated.
I had a client on wordpress 3.5 when the latest WP was 4.0, so how many updates since 3.5 to 4.0 and we all know WP is not good security wise at the best of times.
so its a case of being politely asked to upgrade (which if using Softaculous is just a case of clicking to upgrade icon), so not that hard to do. so if they don't do this then suspend their account. This then should get their attention as if the server does get compromised it takes a lot of time and money to clean it up.
cheapdedicated
New member
Always run the latest stable version of WP to minimize vulnerabilities
-
HostingDiscussion
A community for web hosting professionals and enthusiasts, since 2002.
