Results 1 to 10 of 10
  1. #1

    Reseller Security Issue / advice ???

    Hi, I'm working with my hosting reseller service and many things have occured and I really need your help/advice to go over them.

    Firstly, I offer a free webhosting service. That's why sometimes ppl upload their shell/backdoor and hack into the root. I have been hacked twice cuz I don't have much time for managing my sevice (I still have school). Is it any advice for how to prevent users from uploading bad and dangerous script onto their host? It always takes me like an hour a week to scan the whole server for shells, but pretty much I don't wanna do it everyday.

    Secondly, my reseller provider never give me the new password when my root is hacked. They request me to reset the whole server. That also means I have to erase all of the database/clients info. (that's really silly, I think). I'm just wondering is it solution for backing up the clients' data and info before resetting like that?

    Thank you very much ^^~

  2. #2
    Quote Originally Posted by npploveyou View Post
    Hi, I'm working with my hosting reseller service and many things have occured and I really need your help/advice to go over them.

    Firstly, I offer a free webhosting service. That's why sometimes ppl upload their shell/backdoor and hack into the root. I have been hacked twice cuz I don't have much time for managing my sevice (I still have school). Is it any advice for how to prevent users from uploading bad and dangerous script onto their host? It always takes me like an hour a week to scan the whole server for shells, but pretty much I don't wanna do it everyday.

    Secondly, my reseller provider never give me the new password when my root is hacked. They request me to reset the whole server. That also means I have to erase all of the database/clients info. (that's really silly, I think). I'm just wondering is it solution for backing up the clients' data and info before resetting like that?

    Thank you very much ^^~
    Don't offer free hosting?

    Your host is probably making you reset and start over from scratch, to make sure that there are no traces of the hack left over.

  3. #3
    Yeah, actually I stopped the free hosting services days ago. And I also have the same wonder as you just why the provider made me to reset the server cuz I really need to know the log file of activities ... They just said "No, you can't"

  4. #4
    Join Date
    May 2009
    Location
    Ft. Lauderdale, Florida
    Posts
    1,783
    Most providers do not allow free hosting accounts due to that most accounts are either phishing, spamming or other abusive/illegal websites.
    U.S.A. High Resource allocation global cloud hosting serving 310,000 clients since 2008 | Offering both cPanel & DirectAdmin
    WebsitePlex.com | Instant Activation | Alpha, Master, Reseller & Cloud Hosting
    Recurring Affiliate Program Pays 20% of total revenue for life | 30 Day Trial

  5. #5
    Quote Originally Posted by npploveyou View Post
    And I also have the same wonder as you just why the provider made me to reset the server cuz I really need to know the log file of activities ... They just said "No, you can't"
    Do you have a reseller account or a dedicated server?
    I'm surprised if you use reseller hosting and your host allows you to offer free hosting.
    PremiumReseller.com Hyper-V SSD VPS USA London Singapore
    Reseller Hosting Cpanel PURE SSD CloudLinux Softaculous
    Windows Reseller Asp.NET 4.5 MSSQL SmarterMail Enterprise

  6. #6
    Quote Originally Posted by PremiumHost View Post
    Do you have a reseller account or a dedicated server?
    I'm surprised if you use reseller hosting and your host allows you to offer free hosting.
    I have a reseller account and yes, I asked them if I can provide free hosting service or not. And they just said: Yes ...

  7. #7
    Join Date
    Jan 2003
    Location
    U.S.A.
    Posts
    3,928
    Quote Originally Posted by npploveyou View Post
    I have a reseller account and yes, I asked them if I can provide free hosting service or not. And they just said: Yes ...
    Your host is pulling your leg... You can only do so much when it comes to security if you don't have root access. I would first start with doing some simple things such as a strong secure password ( try this: http://www.pctools.com/guides/passwo...&generate=true ). You should then update your password every couple of weeks. The next thing you can do is disable shell access to any of your users and make sure they do their part with secure passwords. The other option is to not allow free hosting. lol

  8. #8
    Thank you for your advice, I have disable the shell access and also uncheck dedicated IP. I'm now starting to think that all the attackers are from my competitors cuz I offer an Unlimited package just 2.99$/month ... I removed the free package now that's annoying though lol ...

  9. #9
    You can always try weeding out abusers on free plans, by charging say a $1 setup fee. People after dirt cheap hosting would still sign up, but spammers will move onto some other target.

  10. #10
    It sounds to me like you have a dedi server or vps?

    My advice:

    Don't offer free hosting - why put up with this if you not making money?

Similar Threads

  1. mod security issue
    By DjiXas in forum Hosting Security and Technology
    Replies: 5
    Last Post: 05-10-2008, 10:46 AM
  2. Is that a security issue?
    By raulgonzalez in forum Programming Discussion
    Replies: 4
    Last Post: 05-17-2005, 01:19 PM
  3. VPS Security Issue
    By kalpin in forum Hosting Security and Technology
    Replies: 3
    Last Post: 01-30-2005, 11:44 PM
  4. security issue-what could this be?
    By deseek in forum Hosting Security and Technology
    Replies: 2
    Last Post: 05-03-2004, 01:48 AM
  5. Security issue regarding a reseller...
    By ramystyle in forum Hosting Security and Technology
    Replies: 1
    Last Post: 01-01-2004, 05:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •