Web Hosting Talk

View Full Version : Reseller Security Issue / advice ???


npploveyou
11-01-2009, 05:50 PM
Hi, I'm working with my hosting reseller service and many things have occurred and I really need your help/advice to go over them.

Firstly, I offer a free webhosting service. That's why sometimes ppl upload their shell/backdoor and hack into the root. I have been hacked twice cuz I don't have much time for managing my service (I still have school). Is there any advice for how to prevent users from uploading bad and dangerous scripts onto their host? It always takes me like an hour a week to scan the whole server for shells, but pretty much I don't wanna do it every day.

Secondly, my reseller provider never gives me the new password when my root is hacked. They request me to reset the whole server. That also means I have to erase all of the database/clients info. (that's really silly, I think). I'm just wondering, is there a solution for backing up the clients' data and info before resetting like that?

Thank you very much ^^~

theparanoidtroll
11-01-2009, 06:36 PM
Hi, I'm working with my hosting reseller service and many things have occurred and I really need your help/advice to go over them.

Firstly, I offer a free webhosting service. That's why sometimes ppl upload their shell/backdoor and hack into the root. I have been hacked twice cuz I don't have much time for managing my service (I still have school). Is there any advice for how to prevent users from uploading bad and dangerous scripts onto their host? It always takes me like an hour a week to scan the whole server for shells, but pretty much I don't wanna do it every day.

Secondly, my reseller provider never gives me the new password when my root is hacked. They request me to reset the whole server. That also means I have to erase all of the database/clients info. (that's really silly, I think). I'm just wondering, is there a solution for backing up the clients' data and info before resetting like that?

Thank you very much ^^~

Don't offer free hosting?

Your host is probably making you reset and start over from scratch, to make sure that there are no traces of the hack left over.

npploveyou
11-01-2009, 07:15 PM
Yeah, actually I stopped the free hosting services days ago. And I also have the same wonder as you just why the provider made me reset the server cuz I really need to know the log file of activities ... They just said "No, you can't"

JixHost
11-01-2009, 08:37 PM
Most providers do not allow free hosting accounts because most accounts are either phishing, spamming or other abusive/illegal websites.

PremiumHost
11-02-2009, 02:02 AM
And I also have the same wonder as you just why the provider made me reset the server cuz I really need to know the log file of activities ... They just said "No, you can't"
Do you have a reseller account or a dedicated server?
I'm surprised if you use reseller hosting and your host allows you to offer free hosting.

npploveyou
11-02-2009, 03:13 PM
Do you have a reseller account or a dedicated server?
I'm surprised if you use reseller hosting and your host allows you to offer free hosting.

I have a reseller account and yes, I asked them if I can provide free hosting service or not. And they just said: Yes ...

PogiWeb
11-02-2009, 03:47 PM
I have a reseller account and yes, I asked them if I can provide free hosting service or not. And they just said: Yes ...

Your host is pulling your leg... You can only do so much when it comes to security if you don't have root access. I would first start with doing some simple things such as a strong secure password ( try this: http://www.pctools.com/guides/password/?length=20&phonetic=on&alpha=on&mixedcase=on&numeric=on&nosimilar=on&quantity=1&generate=true ). You should then update your password every couple of weeks. The next thing you can do is disable shell access to any of your users and make sure they do their part with secure passwords. The other option is to not allow free hosting. lol

npploveyou
11-03-2009, 02:11 PM
Thank you for your advice, I have disabled the shell access and also unchecked dedicated IP. I'm now starting to think that all the attackers are from my competitors cuz I offer an Unlimited package just 2.99$/month ... I removed the free package now :) that's annoying though lol ...

theparanoidtroll
11-04-2009, 09:32 AM
You can always try weeding out abusers on free plans, by charging say a $1 setup fee. People after dirt cheap hosting would still sign up, but spammers will move on to some other target.

AmpleHosting
11-10-2009, 08:50 AM
It sounds to me like you have a dedi server or vps?

My advice:

Don't offer free hosting - why put up with this if you're not making money?