Knowledge Base: Troubleshooting

Paid security scan and hardening service

2MHost runs security audits on all servers every 48 hours and opens "abuse" tickets for you with full details of what we found in your hosting account. We ask you to remove the bad files and give you general tips on how to harden your hosting account. But removing the malware is usually not enough to stop further attacks, because your DB password may already have been leaked or you may have missed a backdoor somewhere in your website files.

2MHost, in partnership with security professionals, performs a paid security audit and scan of your individual hosting account for $30/hour (charged in 30-minute increments).

Security Audit and Hardening tasks:

  1. Change the administrative username/password of your software (Joomla, WordPress, etc.): Hackers try to brute-force your Joomla/WordPress installation using the default username admin and easy-to-guess passwords. Changing both the username and the password makes your login credentials harder to guess.
     
  2. Change the MySQL password to a more secure one: Hackers can try to log in directly to your Joomla/WordPress database to obtain sensitive data. Securing your MySQL password eliminates this possibility; this is especially needed if you're recovering from a recent hack.
     
  3. Password protect your software (Joomla, WordPress, etc.) admin directory: Adding another layer of security to your administrative login by requiring
     
  4. Update software (Joomla, WordPress, etc.) to the latest version: Keeping your software up to date is vital to maintaining your website's security and avoiding getting hit by a 0-day exploit.
     
  5. Update the plugins associated with your software (Joomla, WordPress, etc.) to the latest version

  6. Run a security audit on your files to catch injected malware: We will scan all files under your account to find malware code injected into your files or malicious files uploaded to your account.
     
  7. Change file permissions to harden your installation: Some configuration files only need to be accessed from within your software install and do not need to be viewable by a web browser (and therefore by a hacker). The normal file/directory permissions are not needed for them, so we change the permissions of such config files to secure your installation.
     
  8. Add security plugins to your Joomla/WordPress installation to help prevent further hacks, like:
     WordPress: Login Alert, Mute Screamer, Secure WordPress, User Locker, WP Login Security 2, WP Security Scan
     Joomla: Admin Tools, jSecure Lite, jHackGuard, JLSecure My Site, Eyesite, Akeeba Backup
     These will be added according to each case individually after studying your install.
     
  9. Several tweaks to your Joomla/WordPress installation to prevent automated attacks: changing the DB prefix, changing the admin ID and htpasswd protection of the admin area are used; again, this is decided individually based on each case.
     
  10. Check your logs for suspicious requests to get a better idea of the weak point used to hack your account. Other cases are studied individually and actions to secure content are determined accordingly.

Service Guarantee

Security is an ongoing process. After securing your account, in order to keep it functioning properly and avoid future hacks, you need to:

  1. Scan all PCs connected to the account for viruses to ensure there is no virus/trojan on your PC capturing your sensitive data. Antivirus programs like AVG, Avast and Microsoft Security Essentials are free to use.
     
  2. Make sure all passwords (cPanel, FTP, mail accounts, MySQL) are a mix of alphanumeric characters and not a dictionary word. Just because you thought of a difficult word from the dictionary does not make you safe.
     
  3. MySQL database access for each web application should use a separate DB user. Never use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.
     
  4. Using free open source web applications is great, but you have to maintain them with regular updates or you can lose all your data and your site if a new exploit becomes known. As the hosting account owner, it is your responsibility to install only stable applications in your account.
     
  5. If you're just testing or trying something that only you need and that you know you won't actively keep up to date, lock it behind a password right away.
     
  6. Since our shared/reseller servers come with suPHP, you do not need any file or folder with world-write permissions. Normal folder permissions should not exceed 755, and PHP/HTML files can be 644 (or lower through SSH). CGI/Perl scripts can be 755.
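
The permission ceilings in item 6 can be checked over SSH with a short script. The following is an added example, not 2MHost's own tooling; it assumes CGI/Perl scripts are identified by a .cgi or .pl extension, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a web root against the ceilings in item 6
# (folders <= 755, PHP/HTML files <= 644, CGI/Perl scripts <= 755).
# Assumption: CGI/Perl scripts end in .cgi or .pl.
# Usage: sh audit_perms.sh /path/to/webroot

# audit_perms DIR
# Prints "REASON<TAB>path" for every finding; returns 1 if any were found.
audit_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Group- or world-writable files and folders exceed both 755 and 644.
        find "$root" \( -type f -o -type d \) \
            \( -perm -0020 -o -perm -0002 \) \
            -exec printf 'WRITABLE\t%s\n' {} \;
        # Execute bits on anything that is not a CGI/Perl script exceed 644.
        find "$root" -type f ! -name '*.cgi' ! -name '*.pl' \
            \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'EXECUTABLE\t%s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# tighten_perms DIR
# Only removes excess bits, so a file that is already stricter than the
# ceiling (for example a 600 config file) is never loosened.
tighten_perms() {
    find "$1" \( -type f -o -type d \) -exec chmod go-w {} +
    find "$1" -type f ! -name '*.cgi' ! -name '*.pl' -exec chmod a-x {} +
}

# Run the audit when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Review the audit output before calling tighten_perms, since a file that is flagged unexpectedly (an executable .php in an upload folder, for instance) is worth inspecting rather than only re-permissioning.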

To order, please submit a support ticket.


written by:Norman, on:2013-03-06 07:56:28