Hosting account has been compromised by a malicious intruder.


A compromised account can create problems for all users on a shared web hosting platform, so to protect our other customers, the account was suspended as soon as we found out that it had been compromised and used for malicious activities. Please understand that this suspension is not an accusation that you are a hacker, a spammer, or otherwise engaged in illegal conduct of any sort. We understand that our customers may at times be victimized by such malicious attacks and ask that you understand why we must act swiftly to protect all customers from being adversely impacted by such an event.

Technically speaking, the vast majority of hosting account compromises occur in one of three ways:

1) The account has a weak password associated with it, or with a service (like a blog or an email account) within it. This weak password can be guessed or brute-forced by a malicious intruder or even a malicious automated process.

2) The account may be running old, outdated, or insecure web content software. This can also include plugins, extensions, or themes for such software which contain exploitable vulnerabilities.

3) A computer used to access the account may have a virus or malware which allowed a malicious intruder either to steal the account's password from that computer or to perform hostile actions using that computer.

To ensure that all possible holes are closed and this problem doesn't occur again once you've removed the offending material, we suggest you take the following actions:

1) Any and all web content software needs to be updated to the latest versions. Further, any and all web content software should be checked for unpatched exploitable bugs to ensure that there are no issues with running it.

2) Any and all modules, plugins, addons, themes, and extensions for your web content software must be checked to ensure there are no unpatched exploitable bugs, and updated to the latest version.

3) To ensure that passwords are not stolen, you'll need to run a virus/malware scan on any and all computer systems used to access the account prior to changing the passwords.

4) Your passwords, including those for any affected email accounts and any web content software accounts (especially admin users on blog, forum, and other such software), will need to be changed. The affected web hosting account passwords should be changed as well. Please choose strong passwords.

5) You'll also want to check the settings of any web content software you have installed to ensure that it does not allow unauthenticated or non-administrative users to send or generate email.

6) Check all email accounts, subdomains, addon domains, and parked domains in your cPanel account to ensure there are no erroneous entries.

7) Finally, you'll want to check the content of your hosting account to verify that there are no anomalous files or directories, that your .htaccess files are as they should be, and that the content of any dynamic scripts (such as PHP scripts) which are not part of a web content software package are as they should be.
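
The checks in step 7, written as a read-only shell script you could run over SSH (an added example, not the hosting provider's own tooling). The web root path, the 7-day default window, and the `uploads`/`images` directory names are assumptions; adjust them to your account.

```shell
#!/bin/sh
# Added example: read-only audit helpers for step 7. The docroot path, the
# 7-day window and the uploads/images directory names are assumptions.

# Every .htaccess file under the docroot, for manual review.
list_htaccess() {
    find "$1" -type f -name '.htaccess' | sort
}

# .htaccess lines that redirect visitors, remap handlers or change PHP
# settings; each hit should match something you configured yourself.
htaccess_directives() {
    list_htaccess "$1" | while IFS= read -r f; do
        grep -nEi '^[[:space:]]*(RewriteRule|Redirect|AddHandler|AddType|SetHandler|php_value|php_flag)' \
            "$f" /dev/null || true
    done
}

# Files modified within the last N days ($2).
recently_modified() {
    find "$1" -type f -mtime "-$2" | sort
}

# PHP scripts in directories that normally hold only uploaded media.
php_in_upload_dirs() {
    find "$1" -type f -name '*.php' \
        \( -path '*/uploads/*' -o -path '*/images/*' \) | sort
}

# Files and directories writable by every user on the shared server.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

audit() {
    root=$1; days=${2:-7}
    echo "== .htaccess files ==";                 list_htaccess "$root"
    echo "== .htaccess directives to review ==";  htaccess_directives "$root"
    echo "== modified in last $days days ==";     recently_modified "$root" "$days"
    echo "== PHP in upload/media directories =="; php_in_upload_dirs "$root"
    echo "== world-writable paths ==";            world_writable "$root"
}

# Usage: sh audit.sh /home/USER/public_html 14
if [ $# -gt 0 ]; then audit "$@"; fi
```

Compare each result against a known-good copy of your site or the original software package before deleting anything; a recent modification time alone does not prove a file is malicious.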
