In the past year or so, we have encountered quite a few hacking attempts on our servers. Customer data has sometimes been changed, and although most of the time we were able to clean the files or restore the hacked sites, sometimes we weren’t able to do that. And that, of course, affected you.
After a long period of reading every FTP log and every httpd log available on the servers, I came to the conclusion that there are two main ways a hacker is currently able to get to a customer’s files:
- via cross-site scripting, taking advantage of poorly written customer PHP scripts, or of outdated PHP applications like Joomla, osCommerce and others like them
- via FTP, either after a brute-force attack in which they managed to crack weak passwords (and I cannot stress enough how important it is to have a strong password for your FTP accounts), or via other means (there are viruses and malware out there that will steal your FTP password, and for that matter all your other passwords, such as online banking passwords)
While I cannot do much about scripts that aren’t written well, and short of begging you to keep your PHP apps updated there’s no reasonable way to enforce it, I can help you with the FTP part. Our sysadmin team has built and implemented an extra module on our servers that will allow you to say “only this IP, this IP and this IP can upload files via FTP to my account”, or, for instance, “this IP and this IP can NEVER upload files via FTP” (or you can do nothing, and everything will remain as it is now). I have tested this module and it seems to work just fine, but I am not comfortable releasing it before I can do some more extensive testing. I need you (our valued customer) to lend me a hand and help me test it.
If you’re interested in testing it, please comment on this post and I will personally contact you via email (so make sure you fill in the “email” field of the comment section with a valid email address) and explain what to test and how. Oh, and one more thing… this feature is currently available only for Linux plans.
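To make the allow/deny semantics concrete, here is an added example in Python. It is not the hosting provider’s module (the post does not describe how that module is implemented); it is a reference evaluation of a per-account FTP upload policy of the kind described above, plus a small routine that replays the policy over FTP log lines to show which past uploads it would have blocked. It assumes that deny entries win over allow entries, that an empty allow list keeps today’s behaviour (any address not denied may upload), and that entries may be single addresses or CIDR blocks. The addresses, policy and log lines are constructed for the example.

```python
"""Added example, not the hosting provider's FTP module.

Evaluates an "only these IPs may upload" / "these IPs may never upload"
policy per FTP account. Assumptions (not from the original post):
  - a deny entry always wins over an allow entry;
  - an empty allow list means anyone not denied may upload (the default);
  - entries may be single addresses or CIDR blocks, IPv4 or IPv6.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# FTP commands that write data into the account (upload / append).
UPLOAD_COMMANDS = {"STOR", "APPE"}


def parse_entries(entries: Iterable[str]) -> List[Network]:
    """Turn customer-supplied strings into networks.

    A bare address such as "203.0.113.7" becomes a /32 (or /128), so single
    hosts and CIDR blocks are checked the same way. strict=False accepts
    "203.0.113.7/24" even though host bits are set.
    """
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries if e.strip()]


@dataclass
class UploadPolicy:
    allow: List[Network] = field(default_factory=list)  # empty = no restriction
    deny: List[Network] = field(default_factory=list)

    @classmethod
    def from_lists(cls, allow: Iterable[str], deny: Iterable[str]) -> "UploadPolicy":
        return cls(parse_entries(allow), parse_entries(deny))

    def check(self, client_ip: str) -> Tuple[bool, str]:
        """Return (allowed, reason) for one client address."""
        ip = ipaddress.ip_address(client_ip)
        # Deny list is consulted first so it overrides any allow entry.
        for net in self.deny:
            if ip in net:  # False automatically when IPv4/IPv6 versions differ
                return False, f"denied: {ip} matches deny entry {net}"
        if not self.allow:
            return True, "allowed: no allow list configured and address not denied"
        for net in self.allow:
            if ip in net:
                return True, f"allowed: {ip} matches allow entry {net}"
        return False, f"denied: {ip} is not in the allow list"


def blocked_uploads(policy: UploadPolicy, log_lines: Iterable[str]) -> List[str]:
    """Replay a policy over FTP log lines and list the client IPs whose
    upload commands would have been refused.

    Assumed (constructed) log format: "<date> <time> <client-ip> <CMD> <path>".
    Download and listing commands are ignored; only uploads are judged.
    """
    blocked: List[str] = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line, skip it
        client_ip, command = parts[2], parts[3].upper()
        if command not in UPLOAD_COMMANDS:
            continue
        allowed, _reason = policy.check(client_ip)
        if not allowed:
            blocked.append(client_ip)
    return blocked


# Constructed policy: the customer's office block may upload, one host in it
# is explicitly banned, and one IPv6 workstation is allowed as well.
EXAMPLE_POLICY = UploadPolicy.from_lists(
    allow=["203.0.113.0/24", "2001:db8::10"],
    deny=["203.0.113.99"],
)

# Constructed FTP log excerpt (documentation address ranges, not real clients).
SAMPLE_LOG = [
    "2011-03-04 10:22:01 203.0.113.7 STOR /public_html/index.php",
    "2011-03-04 10:22:05 203.0.113.7 RETR /public_html/style.css",
    "2011-03-04 11:02:17 198.51.100.5 STOR /public_html/images/x.php",
    "2011-03-04 11:02:30 203.0.113.99 STOR /public_html/.htaccess",
]

if __name__ == "__main__":
    for ip in ("203.0.113.7", "203.0.113.99", "198.51.100.5", "2001:db8::10"):
        print(EXAMPLE_POLICY.check(ip)[1])
    print("uploads that would have been blocked:", blocked_uploads(EXAMPLE_POLICY, SAMPLE_LOG))
```

The order of the two checks is the design choice that matters: consulting the deny list before the allow list means a banned address can never be re-admitted by a broad allow entry such as a whole /24, and an account with neither list configured behaves exactly as it does today.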
Waiting to hear from you…