Portal Home > Knowledgebase > Articles Database > Urgent help: My hostgator reseller accounts has been hacked
Urgent help: My hostgator reseller accounts has been hacked
| Posted by moaa, 09-28-2015, 03:18 AM |
| Hello,
For the last 3 months I have been fighting phishing attack and there is no end to it. My smaller reseller is Hosgator and I am helpless to stop the hacking. I have done:
- changed all accounts passwords
- deleted phishing contents from each account
- Hostgator automatically scanned the accounts
- instead of helping solve the issue, Hostgator wants me to buy their sitelock plan
But the attack continued. It seems they have back door access to my account, the attack keeps coming back.
I would like to move from Hostator but i am not sure if moving will help while my sites are being attacked.
if you have ideas how I can stop phishing attack please help. The worst part of it is Hostgator is not responsive and instead they are quick to disabling my clients accounts.
Please help
|
| Posted by Andei, 09-28-2015, 03:26 AM |
| If your clients' accounts are compromised, via a hacked wordpress for instance, then it would be their responsibility or yours to clean all the infection out of there, the same as it was their/your responsibility to keep the software (ie: wordpress, themes, plugins) updated and secured so the infection won't happen to begin with.
Changing hosting providers won't help (unless your new provider offers cleaning up malware services)... what you need is to hire a freelancer or security company to completely remove the infection, or else it'll just keep coming back over and over, even if you clean everything and miss just one backdoor script, it'll be all for nothing.
Not sure how much sitelock would help either, but I guess you could try it.
It seems normal for HG to disable infected accounts if this is a recurring issue, because those infected accounts are probably sending out spam, affecting the entire server in a negative way.
|
| Posted by moaa, 09-28-2015, 05:00 AM |
| Hi Andrei,
I have about 30 accounts and about 12 of them have been affected. My problem is I don't the fund to clean all sites at the moment. I guess I could ask the owners to pay for it though. What I am not sure is if my main reseller account got hacked and then the hacker got access to some of my clients accounts. Do you know professional security company that will do one time clean to get ride of the malware. Or do you know tools that I can use to clean it myself. all the sites I am hosting are WordPress and Joomla.
Thanks
M
|
| Posted by Andei, 09-28-2015, 05:09 AM |
| You can take a look into the server/security management offers... also you can find freelancers on freelancer websites, or on fiverr... but you know... can't really except to pay $5 for a job well done.
|
| Posted by DivinePrad, 09-28-2015, 05:56 AM |
| https://sucuri.net/ helps in cleaning and protecting your site. You can also scan your site online for any malicious contents at https://sitecheck.sucuri.net//
In addition, your host can run a maldet on all your account files and see if any malware is caught. Atleast they should be able to check the logs and tell you how the accounts are hacked. Most probably there would be some shells left over with the help of which they are attacking. In addition, try the basic things at your end as well.
1) Change all WHM/cpanel/FTP/email/mysql passwords.
2) Scan all files and remove any malicious contents
3) Keep all third party software updated to the stable version
4) In addition to the CMS, make sure all plugins and themes used by them are also uptodate
5) Make sure there are no loose permissions
There is a limit to which the hosts can help you in prevent hacking. Mostly websites are hacked due to site owner's carelessness. Make sure your new passwords are strong and kept confidential.
|
| Posted by net, 09-28-2015, 06:13 AM |
| You really need to start digging on the log and know how it happened. Something is something.....
|
| Posted by brianoz, 09-28-2015, 10:11 PM |
| The advice from DivinePrad is all great. If sites are getting hacked a lot, I'd also check for the presence of insecure plugins. That requires a little knowledge, but I'd say if you get Sucuri to do a few sites they may be able to tell you what they found and you could then reproduce it on the others. Some other indicators of poor plugins are infrequent updates, active security issues, low install count, low star count (high star count means nothing unless install count is high).
Also, you can use Wordfence to scan files and it can be very helpful.
There is some good news in this - if the server was compromised, or your reseller credentials were compromised, you'd expect a higher infection rate.
As far as changing hosts - unless the new host has some form of security promise, I wouldn't change. It isn't a hosts job to fix security problems in user code - they would otherwise spend all their time fixing problems caused by users.
Finally, another trick which can help is to add a .htaccess file to prevent .php file execution from upload areas. This can help quite a bit.
|
| Posted by USHost247-ChrisGrigg, 09-28-2015, 10:52 PM |
| You must make sure all wordpress accounts are updated, all plugins for those wordpress sites need to be trusted and updated to latest versions. Also, a host with CXS or similar software should run a scan on your accounts. Usually the host should help, or at least I would.
Moving to another host will not help unless the new host helps you clean it up.
You must also make sure that your pc and your client's pc are not infected with malware or keyloggers. Have your clients run scans from trusted anti-virus software on their personal computers.
|
Add to Favourites 
Print this Article
Also Read
