Cpanel Users - You need to take care of That Digital Junk...

[Mohsin Rasool]

Hi,

If you have Cpanel at your hosting..you are lucky
I mean how easy it is to just do few clicks and Wordpress is installed,
same case is with, Joomla, PhpBB, OSticket, Zen Cart and so much stuff...

As this is so easy to install... Myself included , I have seen many people
do many test installs on the server like Joomla 1.5 in a sub-folder of test purpose,
and phpbb forum at another sub-folder and simpleMachineForum forum at another....

Objective was just to test the things, to pick and choose b/w different scripts...
It was great until this week...a BIG danger-hole was discovered....

You know the scripts we installed, and never used are not going to upgrade
automatically...so they are there unattended!

Big target for hacking...this is what happened with a server of our client, they were hacked through the old Zen cart install at their server which he did years ago just to
test !!!

So this is a reminder that you please make sure their is no unattended install of any
script at your server which is not updated to current version which can give a backdoor
to hackers to hack your website.

It is very simple to check what you have installed at your server thought Cpanel so far..
and from the list check what is outdated and not needed anymore...simply uninstall that..

to check the list of current Cpanel fantastico installs list:
Go to your Cpanel > Fantastico > in the right-sidebar-bottom is a link : " Installations overview" . Click that and you will be presented with a whole list of installations...

Now please set aside some time today or tomorrow and delete all the unused stuff,
yeah clear the old unused digital junk from your server for another step forward
regarding better security.

Best Regards,
Mohsin
PS. Also do not forget to take your Files and Databases backup on daily/weekly basis
depending the nature of the website.

Really It was not great to know that whole site has been damaged screwing the all
marketing and SEO efforts ... Do you care your business? Then please take some time
and set a schedule for backup and follow that religiously.

[LoraGi]

Really useful..that's why i don't like to use for every little need plugins or any other tools that might be hacked easily because of forgetting upgrading
Thank you for sharing.

[TheRichJerksNet]

Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe. No matter what version you are running. Only way to make sure it is secure is to do it yourself my modifying the coding.

James

[MichelledGrace]

Quote:

Originally Posted by TheRichJerksNet

Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe. No matter what version you are running. Only way to make sure it is secure is to do it yourself my modifying the coding.

James

Wouldn't it be difficult for a newbie(me) to modify the coding?

[Kay King]

Good reminder - I guess I have a good habit for a change as I uninstall any tests before installing a new one.

If I've been playing around in cpanel trying out some things I delete the public_html folder and make a new one.

kay

[TheRichJerksNet]

Quote:

Originally Posted by MichelledGrace

Wouldn't it be difficult for a newbie(me) to modify the coding?

That is why you buy a product (from a well respected person) that secures the scripts... Better yet spend some money on your business and hire a real developer that can build a custom built site that hackers do not have access to..

James

[avenuegirl]

Yes, I'm in the process of hauling out a lot of tests, etc. Unlimited plans have a limit. I recently discovered I can have 200,000 files, but at 50,000 they will start to keep an eye on you and I am past that. A lot of it is themes, joomla and wp installs, and some other tests which really are just wasting space.

Even with the cpanel it can all start to look a bit cluttered.

[SurviveUnemployment]

This is great advice. Thanks for the reminder. What was the nature of the damage to your client's sites? Just cosmetic or were their revenues being stolen?

[SurviveUnemployment]

Quote:

Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe.

Actually it's the other way around. Open source is the safest because so many people are looking at the code and improving it. Custom scripts are much easier to hack. It's not like hackers can't see what your script is doing and probe it for holes until they find one.

[TheRichJerksNet]

Quote:

Originally Posted by SurviveUnemployment

Actually it's the other way around. Open source is the safest because so many people are looking at the code and improving it. Custom scripts are much easier to hack. It's not like hackers can't see what your script is doing and probe it for holes until they find one.

Sorry been building "custom" sites for over 15 years.. This is why you see so many wordpress blogs and many other free scripts hacked, because they are open source.

Why do you think so many people go and get custom built sites, because they do not want others knowing how their scripts work thats why...

Nothing is 100% secure but I rather have a lock on my door vs having my door wide open for all to enter.

James

[Mohsin Rasool]

Quote:

Originally Posted by SurviveUnemployment

This is great advice. Thanks for the reminder. What was the nature of the damage to your client's sites? Just cosmetic or were their revenues being stolen?

You are welcome.

No, no direct financial fraud...but financial were affected due to affected SEO...

As every page was linked to bad neighborhood..a wide spread network of linking
victim sites ultimately directing traffic and SEO ranks to their spam sites...

Any site like this is badly affected in SERPs and it hurts SEO, traffic, and ultimately sales.


Mohsin

[Ralf Skirr]

That's a good reminder to look at my servers and simply delete all the scripts that aren't needed anymore. There's just too much old stuff...


Thanks
Ralf

[Mohsin Rasool]

Quote:

Originally Posted by TheRichJerksNet

Sorry been building "custom" sites for over 15 years.. This is why you see so many wordpress blogs and many other free scripts hacked, because they are open source.

Why do you think so many people go and get custom built sites, because they do not want others knowing how their scripts work thats why...

Nothing is 100% secure but I rather have a lock on my door vs having my door wide open for all to enter.

James

Hey James,

Why you want to start the debate on Open-Source vs Closed-Source, on every thread talking about any Open Source package.

It is fact that thousands of Warriors use them daily for their businesses and It is necessary
for them to know what they can do in this regard which helps their business in anyway.

This thread was not meant to discuss the Merits and De-Merits of Open source Vs proprietary code... Everything has its own pros and cons.

If you really want to educate the Warriors about the pros and cons of both, i suggest
you start a thread with the title: Dis Advantages of Open Source and How one can Fix them... and let all the community members discuss there...

No one can deny the reality that Open Source scripts are the most used by
most of the IMers (the members of this community), so we just cannot stop them using open source and compel them to opt for some paid programmer!

Instead we should help and encourage them to benefit from open source, save money
and time and use the best of the best code! Yes you can help them secure their open source by giving the tips and code hacks you suggest but do not ask everyone to go
for some programmer for a fee..

Peace,
Mohsin

[TheRichJerksNet]

I started no debate, I made a factual statement - Upgrading to the latest version of something does not make you secured.

As one warior told me before "Let them be hacked and when they are then maybe they will realize they should have paid for a real solution instead of being cheap".

James