1
[indent]If an account on our network is exploited and distributing viruses, spam emails, etc as soon as we are aware of the situation we will immediately suspend the account without advance notice. This measure is to ensure we are operating in compliance with the law and to protect other client accounts from experiencing service interruptions and to prevent your visitors from downloading harmful things to their computers including viruses. Once an account has been suspended there are three options:
- Account Reset- The account is deleted and re-created. You then can install the latest versions of your scripts from the script developer. There is no fee involved for the first offense. Any future offenses would incur a €15 fine.
- Account Restore- DS-HostingSolutions will check the two available backups (one is nightly and the other is weekly made Friday morning) that we have to see if your account was exploited. If the backup is not exploited the account can be restored and the public_html directory will be password protected. It is then your responsibility to update all scripts to the latest versions (overwriting all old files), change all account passwords (including cpanel, email, ftp, mysql, etc.), and check your personal computer for viruses and key loggers. After completing all the above steps you can remove the password protection from within your cPanel account via --> Password Protect a Directory --> Click Public_html and uncheck the box and click save. This type of work is classified as security breach recovery and there is a charge of €15 for the account check and backup restore. If the backups of your site are exploited versions you then must choose option #1 or #3.
- Account Repair- You will repair and update all scripts to the latest versions (overwriting all old files), change all account passwords (including cpanel, email, ftp, mysql, etc.), check your personal computer for viruses and key loggers and remove any hacking code from files. Technicians will then review your account in detail to determine if it is no longer compromised and that all scripts are up to date. This type of work is classified as security breach recovery and carries a charge of €7.50 for the first offence and €15 for future offences.
Ways to protect your account and ways DS-HostingSolutions helps:
[indent]Delete Unused Files and Scripts- A very common source for account exploits is abandoned scripts which are not updated. Clients often install scripts for testing and forget about them, which are subsequently exploited and used to hijack the entire hosting account. Remove stuff you are not using.
Never store backups under your account- When you generate a backup download it to your computer or to your storage system then remove it. Never have any backups in public viewable folders (ex. inside the public_html) not even for a short period of time.
Keep scripts up to date- You should always keep your scripts updated to the latest stable version. Many new script releases contain security patches so it is very important to always upgrade.
Use trusted scripts- Use scripts from trusted developers that have a good track record of maintaining and updating their scripts.
Use secure permissions- Never use permissions 777 on folders or 666 on files unless vital to your script operation. The majority of our servers use suPHP which allows the permissions 755 and 644 to be writable which allows your scripts to write to them but no one else.
How DS-HostingSolutions helps- DS-HostingSolutions protects your account with firewalls, brute force protection and blocks hundreds of common account exploiting techniques and common hacking code. [/indent]
