1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I'm on VPS and my site get hacked frequently

Discussion in 'Web Hosting' started by cbnoob, Dec 26, 2010.

  1. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Hi guys, I'm really panic here. I've moved to futurehosting vps few months ago but my sites were hacked 2 times.
    - Once they installed virus on my footer.
    - Recently they verified as owner of the sites in google webmaster.

    These thing are what I've done before get hacked:
    - Changed all the passwords, generate strong ones
    - Never store password in ftp client
    - Create a virtual machine with ubuntu and log in to all sites from there. I'm not using windows.

    I didn't have this kind of problem when I was at shared hosting (justhost). What do you think? Is shared host better in terms of security? Should I move to shared hosting again?

    Thanks a lot
     
  2. beaglejuice

    beaglejuice Power Member

    Joined:
    Mar 12, 2009
    Messages:
    595
    Likes Received:
    423
    Tell your current host to harden your vps (usually free) and do a security audit.
     
  3. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Is the vps itself the cause of these attack? I don't share password to anyone. Do you think shared hosting has better security? I'm sick of all of this
     
  4. Bostoncab

    Bostoncab Elite Member

    Joined:
    Dec 31, 2009
    Messages:
    2,255
    Likes Received:
    514
    Occupation:
    pain in the ass cabbie
    Location:
    Boston,Ma.
    Home Page:
    I saw you mentioned you are an Ubuntu user?

    I am too.. Linux rocks. One thing though all Linux user say "Linux is impervious to viruses" This is true but we commonly spread them all over.

    Download The Ubuntu virus software from the software center and scan you whole local pcs(all if more than one) while at the same time contacting your host and running through all the steps you mentioned already.
     
    • Thanks Thanks x 1
  5. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Yeah, I'm using ubuntu because it's safer than windows. But even when I did all the login in ubuntu, I don't know why my sites can be hacked (the hacker verify his ownership by uploading html file so he must have cpanel password, right?).
    btw, I'm storing all password in firefox (in ubuntu), is that a security risk?

    Thanks
     
  6. Josh.w36

    Josh.w36 Regular Member

    Joined:
    Apr 9, 2010
    Messages:
    231
    Likes Received:
    76
    Home Page:
    you are probably using crap software!
     
  7. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    What can be a crap software. I use only firefox and filzilla
     
  8. gamersplaygame

    gamersplaygame Junior Member

    Joined:
    Sep 16, 2010
    Messages:
    140
    Likes Received:
    5
    Location:
    Under the Sun
    Change the host :p
     
  9. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    try look in the log (admin section or cpanel ) every website or your vps .
    and it should have referer page
     
    • Thanks Thanks x 1
  10. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Could you explain more further?
     
  11. reptile

    reptile Registered Member

    Joined:
    Oct 19, 2009
    Messages:
    93
    Likes Received:
    13
    get a new VPS.. thats ridiculous.
     
  12. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    This is what I'm asking, can the vps itself be the cause of these attacks?
     
  13. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    Well, doing this may help!

    Backup your site to a clean backup you have got. Make sure it is of a time before the site was hacked and is clean.

    After you restore the backup, change all passwords, including FTP,and main login.

    Now, Disable Anonymous FTP.

    And you are half way done. :)

    Install Malwarebytes and scan your PC for malwares. Delete all malwares and you are safe.

    or if you dont wish to scan you PC, after disabling anonymous FTP and changing passwords, remove all FTP clients, and never use FTP again. (That might be hard, so better scan your pc using Malwarebytes.)

    ~ExP~
     
    • Thanks Thanks x 1
  14. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    How can I disable Anonymous FTP
    I'm using ubuntu bro
     
  15. Bostoncab

    Bostoncab Elite Member

    Joined:
    Dec 31, 2009
    Messages:
    2,255
    Likes Received:
    514
    Occupation:
    pain in the ass cabbie
    Location:
    Boston,Ma.
    Home Page:
    Man..no one read what I posted.

    The virus is not on your server it`s on your Ubuntu Pc and every time you log into the server via ftp or cpanel you reupload the virus.

    Ubuntu is safer for you but not for everyone else.

    IT`s like you are immune to Herpes but you are still giving it to everyone you kiss and spreading it around. Make any sense?

    Trust be go to the UBUNTU software center download the virus software and scan your local machine.
     
    • Thanks Thanks x 1
  16. cbnoob

    cbnoob Senior Member

    Joined:
    Sep 27, 2010
    Messages:
    967
    Likes Received:
    455
    Thanks,

    what is the name of antivirus program? I typed the virus and searched and found a lot of games, not antivirus.
     
  17. Remington

    Remington Regular Member

    Joined:
    Feb 27, 2009
    Messages:
    305
    Likes Received:
    148
    Personally, yes. It's not that a VPS or a dedi can't be as secure - hardware-wise, it's the same general stuff.

    But the shared hosting place, if it's any good, has staff that know when updates and patches come out. They make sure they're applied right and in a timely way. They watch for exploits of common software. Etc. etc. etc.

    With an unmanaged VPS or dedi, you have to do all of that yourself - not only for the sites and related software you're running, but for the OS and the actual server (apache or that MS one), too. It's easy to drop the ball if you're not really into server admin.

    The only times I got hacked were when I had my dedi. Once I lost everything on the box since it got rooted. The worst part was, it was supposed to be managed hosting - meaning they were supposed to take care of all the server admin stuff. Well, so much for that. Off to much-cheaper unmanaged I went...and after a few months (when something became obsolete and I missed it), a site got hacked. This wasn't a big deal, but I suspect there was more hacking that had gone on server-side since the site was plain html and wouldn't have had the regular scripting vulnerabilities (AFAIK).

    When I moved back to shared, these types of problems were gone like magic.

    The good part of a dedi is that you never have to worry about getting your site suspended for using too much resources or any of that crap. It was worth it to know that I could try all sorts of box-crashing CPU and RAM-eating things that would have gotten me booted from a shared place. Plus, the dedi had more bandwidth available. I did finally get a 300,000-page site running on it, and I think the chance of doing that with shared is somewhere around zero.

    On the other hand, those big-resource attempts can sometimes overload a box in the middle of the (day or night, whenever you're asleep or otherwise not able to immediately fix it, Murphy's Law will kill it THEN!). Think having one site suspended sucks? Imagine waking up to 0 stats because ALL of your sites have been down for 10 hours!

    So IMO they both have their good and bad points. It's all a matter of what aggravates you the least, and which aspects are the most important to you at the time.

    There are times I am very aggravated at not having a dedi. There are also times I'm glad I don't have to be the one to deal with some issue that'd take me an entire day's worth of research to get a working knowledge of.

    tl;dr

    I think shared hosting is more secure. But both types have a combination of upsides and downsides.
     
    • Thanks Thanks x 1
  18. gundamwing

    gundamwing Jr. VIP Jr. VIP Premium Member

    Joined:
    Sep 18, 2008
    Messages:
    1,274
    Likes Received:
    913
    if you get hacked theres 2 possibilities
    internal and external

    internal = your pc - after clean or sure your pc clean from virus or keylogger

    go to

    external= inside your vps.

    1. try looking webstats (if you whm/cpanel/control panel each host)

    read log whos login to cpanel /control panel
    read all log whos browsing restricted area and where it came .(ip address)

    on vps control panel look

    My Statistics
    Lastlogin Last Login:
    December 10, 2010, 8:39 am


    record all and after that change all password .
    after 24 hours login again and check if theres any login . <-- result
     
    • Thanks Thanks x 1
    Last edited: Dec 26, 2010
  19. extremephp

    extremephp BANNED BANNED

    Joined:
    Oct 19, 2010
    Messages:
    1,293
    Likes Received:
    1,272
    I am not that great to guide you how, but why not use their Live chat and ask them? or raise a Ticket?


    Still, trying this would do better

    http://www.google.co.in/#sclient=psy&hl=en&q=ubuntu+malware+removal&aq=2&aqi=g5&aql=&oq=&gs_rfai=&pbx=1&fp=b1e8a308a589445c

    ~ExP~
     
    • Thanks Thanks x 1
  20. arnoudjansen

    arnoudjansen Registered Member

    Joined:
    Jan 2, 2010
    Messages:
    67
    Likes Received:
    34
    Location:
    Far away
    • Thanks Thanks x 2
    Last edited: Dec 26, 2010