I am pretty new to this reseller hosting and had a question about security. I got an email stating that a site that I was hosting was a phishing site. The site in question was one that I made, and I was the only person who knew the login and password for the cPanel or FTP.
How exactly did someone manage to get access to it and change files to set up a phishing site?
More importantly, how do I prevent this from happening?
The way I solved this problem was by changing the cPanel password and loading a backup onto the account.
Well, they don't need to gain access to cPanel. Depending on the permissions on files, they can be remotely exploited by a hacker who injects a unique code.
From there, they can run their software to capture keystrokes, scams, whatever.
I would go over your code and check for loops, holes and whatever can be exploited. You should also have break() or exit() in validation code if it is not correct. This will stop a hacker injecting code in the loading session.
Did you actually see a phishing site on your domain?
Could be a false report, maybe because there was a phishing site on the server that hosts you, and someone assumed you were the source of that site because you were on the same server, or maybe someone was spoofing your domain in an email.
If you're uploading scripts, they can open a whole host of vulnerabilities if they are not written with an understanding of how to make them secure.
Yes, outdated scripts will bite you. I have people fishing my site for a vulnerability that was in a well known mass mailing script a few versions back, and I have never had that script installed. The only time I had a site hacked is when I let users upload avatars to a forum. I understand that has been fixed, but I still don't trust it.
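The avatar-upload hole mentioned in the post above and the earlier advice to exit() when validation fails point the same way, so here is an added example of a hardened PHP upload handler; it is my code, not any poster's, and the form field name, the upload directory and the size limit are assumptions.

```php
<?php
// Added example (not from any poster): a hardened avatar-upload handler.
// Assumptions: the form field is named "avatar" and the upload directory is a
// hypothetical /var/www/uploads/avatars that the web server serves as static
// files only, with script execution disabled for that path.

$avatarDir = '/var/www/uploads/avatars';
$maxBytes  = 512 * 1024;
// Accepted image types. The stored extension is chosen by us from this map,
// never taken from the client-supplied filename.
$allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Abort the request on any validation failure, as the thread suggests.
function reject(string $reason): void {
    http_response_code(400);
    error_log("avatar upload rejected: $reason");
    exit('Upload rejected.');
}

if (!isset($_FILES['avatar']) || $_FILES['avatar']['error'] !== UPLOAD_ERR_OK) {
    reject('missing file or upload error');
}
$tmp = $_FILES['avatar']['tmp_name'];
if (!is_uploaded_file($tmp)) {
    reject('tmp_name is not a file uploaded in this request');
}
if ($_FILES['avatar']['size'] > $maxBytes || filesize($tmp) > $maxBytes) {
    reject('file too large');
}
// Sniff the real content type from the bytes, not the client-supplied type.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime  = $finfo->file($tmp);
if (!isset($allowed[$mime])) {
    reject("disallowed content type $mime");
}
// Require the file to actually decode as an image of that same type.
$info = @getimagesize($tmp);
if ($info === false || $info['mime'] !== $mime) {
    reject('content does not decode as the claimed image type');
}
// Random, server-chosen name: no path traversal, no double extensions, no .php.
$name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
$dest = $avatarDir . '/' . $name;
if (!move_uploaded_file($tmp, $dest)) {
    reject('could not store file');
}
chmod($dest, 0644); // readable by the web server, never executable
echo 'Stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```

Serving the directory with script execution disabled matters as much as the checks above: even a file that passes as a valid image must never be handed to the PHP interpreter.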
If it's a fake PayPal page, that rules out SQL injection at the very least. Erm, what host are you using, and what scripts do you have uploaded? Also, are you connecting via insecure, WEP secured or WPA/WPA2 using TKIP encryption secured wireless, and have you done any virus checking on your PC? If you ever had a trojan found actually on your PC, and not reformatted since, chances are there is still a trojan on it.
Causes I would narrow down to:
- Script opening vulnerabilities, or, though unlikely, you changed some settings that made your hosting account vulnerable.
- Someone's got hold of your password via dictionary/brute force or compromising the flow of data between you and the web host (Trojans/Hacked Wireless with plaintext PWs and the like)
- Host can't secure their server and you urgently need a better host.
Best look at the scripts you're running first to see if those could be the cause. Then look at the second two options if that doesn't answer things.