Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : Running a Web Hosting Business Tutorials : Part 5 : The Real Deal!

[CX.Eric]

Ok i was urged to make another part because i saw a need for it!

This part is the real deal, the only thing that gives your business a fighting chance!
Now at any given time there are a billion people online out of which 40 million are hackers and stupid teens who know a few things about servers.This is a regular threat for hosting business owners, hack attacks, thats right everyone is unsafe doesnt matter how big your server is or how much you paid for it or what kinda of dc its in.

1- Your DC will NOT interfere with anything going on in the server and take any legal actions against the hacker.

2-There is no one to blame but yourself when your server gets compromised with a given exception that the control panel you are using has a vulnerability.



Now to prevent your business going down here are a few steps.

1- Order a second hardrive almost double the first one on your server, and setup backups on it to run every week.

2- Get a reputable Management company to manage your server and have them setup some space on their network for you as well and have your files backed up there as well.


The best thing to do in a situation where your server has been compromised is:

- call your datacenter and have them change your root pwd

- login and go to Basic Settings and see if the the root email is yours or not!

- have your mgt company turn off any setting that serve pages to the public and have your server repaired.

- after a complete checkup is done you will need to restore all backups.

BUT!

keep in mind the date of the previous backup, check recheck then recheck 10 more times the dates of all backups, compare with the current hacked accounts and if there is an account that is not backed up leave it be and restore others.

A hacked account is much better then NO account.

Usually hackers "deface" sites, which just replaces the index files in all folders so it CAN be fixed but takes time

Note:
After getting hacked your customers will blame you but as per the standard Hosting TOS, all customers back there own data up, but its in good ethics that you do that for your customers.


I hope that helped.
Regards

[BullionHost]

Sending periodic reminders to costumers about saving it websites main files is always usefull as they will keep for themselves the files they find important in their sites. but as mentioned above. it is better if you make daily back ups for the data in your server(s).

Regards!

<<Signature to be setup in your profile>>

[RockSupport]

Very helpfull thanks.

[jamesapnic]

Quote:

A hacked account is much better then NO account.

Usually hackers "deface" sites, which just replaces the index files in all folders so it CAN be fixed but takes time

My recommendation is that you dont just 'fix' this. It may cause more trouble in the long term. Re-install the server, ok so you got 1-2 hours downtime, re-install everything make sure its up to date and then put it back online. Obviously you probably dont have time to analyse the logs in 1-2 hours, if you have other staff get them to do this. You want to find out how they got in before you go live again preferably. Hackers love to install backdoors and go back to targets for a second round of defacements etc. So simply removing what you think are their only modifications is not a wise move and may cause you even more downtime in future.

[javierkatana]

Brilliant, well written, thanks for that.

[sebhaks]

Good points. I have another point is taking backup of all data to a local system in daily or weekly is help to restore the data very easily.