17 {{ upvoteCount | shortNum }}
17 {{ upvoteCount | shortNum }}

Cpanel Users - You need to take care of That Digital Junk...

by Mohsin Rasool
13 replies
Hi,

If you have Cpanel at your hosting..you are lucky
I mean how easy it is to just do few clicks and Wordpress is installed,
same case is with, Joomla, PhpBB, OSticket, Zen Cart and so much stuff...

As this is so easy to install... Myself included , I have seen many people
do many test installs on the server like Joomla 1.5 in a sub-folder of test purpose,
and phpbb forum at another sub-folder and simpleMachineForum forum at another....

Objective was just to test the things, to pick and choose b/w different scripts...
It was great until this week...a BIG danger-hole was discovered....

You know the scripts we installed, and never used are not going to upgrade
automatically...so they are there unattended!

Big target for hacking...this is what happened with a server of our client, they were hacked through the old Zen cart install at their server which he did years ago just to
test !!!

So this is a reminder that you please make sure their is no unattended install of any
script at your server which is not updated to current version which can give a backdoor
to hackers to hack your website.

It is very simple to check what you have installed at your server thought Cpanel so far..
and from the list check what is outdated and not needed anymore...simply uninstall that..

to check the list of current Cpanel fantastico installs list:
Go to your Cpanel > Fantastico > in the right-sidebar-bottom is a link : " Installations overview" . Click that and you will be presented with a whole list of installations...

Now please set aside some time today or tomorrow and delete all the unused stuff,
yeah clear the old unused digital junk from your server for another step forward
regarding better security.

Best Regards,
Mohsin
PS. Also do not forget to take your Files and Databases backup on daily/weekly basis
depending the nature of the website.

Really It was not great to know that whole site has been damaged screwing the all
marketing and SEO efforts ... Do you care your business? Then please take some time
and set a schedule for backup and follow that religiously.
#care #cpanel #digital #junk #users
  • Profile picture of the author LoraGi
    Really useful..that's why i don't like to use for every little need plugins or any other tools that might be hacked easily because of forgetting upgrading
    Thank you for sharing.
    {{ DiscussionBoard.errors[1298069].message }}
  • Profile picture of the author TheRichJerksNet
    Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe. No matter what version you are running. Only way to make sure it is secure is to do it yourself my modifying the coding.

    James
    {{ DiscussionBoard.errors[1298129].message }}
    • Profile picture of the author MichelledGrace
      Originally Posted by TheRichJerksNet View Post

      Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe. No matter what version you are running. Only way to make sure it is secure is to do it yourself my modifying the coding.

      James
      Wouldn't it be difficult for a newbie(me) to modify the coding?
      {{ DiscussionBoard.errors[1298200].message }}
      • Profile picture of the author Kay King
        Good reminder - I guess I have a good habit for a change as I uninstall any tests before installing a new one.

        If I've been playing around in cpanel trying out some things I delete the public_html folder and make a new one.

        kay
        Signature
        Saving one dog will not change the world - but the world changes forever for that one dog
        {{ DiscussionBoard.errors[1298209].message }}
      • Profile picture of the author TheRichJerksNet
        Originally Posted by MichelledGrace View Post

        Wouldn't it be difficult for a newbie(me) to modify the coding?
        That is why you buy a product (from a well respected person) that secures the scripts... Better yet spend some money on your business and hire a real developer that can build a custom built site that hackers do not have access to..

        James
        {{ DiscussionBoard.errors[1298210].message }}
        • Profile picture of the author Jill Carpenter
          Yes, I'm in the process of hauling out a lot of tests, etc. Unlimited plans have a limit. I recently discovered I can have 200,000 files, but at 50,000 they will start to keep an eye on you and I am past that. A lot of it is themes, joomla and wp installs, and some other tests which really are just wasting space.

          Even with the cpanel it can all start to look a bit cluttered.
          Signature

          "May I have ten thousand marbles, please?"

          {{ DiscussionBoard.errors[1298227].message }}
  • Profile picture of the author SurviveUnemployment
    This is great advice. Thanks for the reminder. What was the nature of the damage to your client's sites? Just cosmetic or were their revenues being stolen?
    Signature

    The best link-building strategy you never heard of...

    Article Spinning Is Not a Crime    !

    {{ DiscussionBoard.errors[1298906].message }}
  • Profile picture of the author SurviveUnemployment
    Upgrading does not stop hacking, it's open source code and since it is given to everybody that wants to download (including hackers) no open source code is safe.
    Actually it's the other way around. Open source is the safest because so many people are looking at the code and improving it. Custom scripts are much easier to hack. It's not like hackers can't see what your script is doing and probe it for holes until they find one.
    Signature

    The best link-building strategy you never heard of...

    Article Spinning Is Not a Crime    !

    {{ DiscussionBoard.errors[1298916].message }}
    • Profile picture of the author TheRichJerksNet
      Originally Posted by SurviveUnemployment View Post

      Actually it's the other way around. Open source is the safest because so many people are looking at the code and improving it. Custom scripts are much easier to hack. It's not like hackers can't see what your script is doing and probe it for holes until they find one.
      Sorry been building "custom" sites for over 15 years.. This is why you see so many wordpress blogs and many other free scripts hacked, because they are open source.

      Why do you think so many people go and get custom built sites, because they do not want others knowing how their scripts work thats why...

      Nothing is 100% secure but I rather have a lock on my door vs having my door wide open for all to enter.

      James
      {{ DiscussionBoard.errors[1298949].message }}
      • Profile picture of the author Mohsin Rasool
        Originally Posted by TheRichJerksNet View Post

        Sorry been building "custom" sites for over 15 years.. This is why you see so many wordpress blogs and many other free scripts hacked, because they are open source.

        Why do you think so many people go and get custom built sites, because they do not want others knowing how their scripts work thats why...

        Nothing is 100% secure but I rather have a lock on my door vs having my door wide open for all to enter.

        James
        Hey James,

        Why you want to start the debate on Open-Source vs Closed-Source, on every thread talking about any Open Source package.

        It is fact that thousands of Warriors use them daily for their businesses and It is necessary
        for them to know what they can do in this regard which helps their business in anyway.

        This thread was not meant to discuss the Merits and De-Merits of Open source Vs proprietary code... Everything has its own pros and cons.

        If you really want to educate the Warriors about the pros and cons of both, i suggest
        you start a thread with the title: Dis Advantages of Open Source and How one can Fix them... and let all the community members discuss there...

        No one can deny the reality that Open Source scripts are the most used by
        most of the IMers (the members of this community), so we just cannot stop them using open source and compel them to opt for some paid programmer!

        Instead we should help and encourage them to benefit from open source, save money
        and time and use the best of the best code! Yes you can help them secure their open source by giving the tips and code hacks you suggest but do not ask everyone to go
        for some programmer for a fee..

        Peace,
        Mohsin
        Signature
        Warriors4Hire: WordPress & GENESIS Experts | Custom WP Theme | WordPress Troubleshooting | Customizations | WP Security | Responsive Themes

        My Business site: WarMarks - Web Development | My Personal Blog: Mohsin Rasool
        {{ DiscussionBoard.errors[1301373].message }}
  • Profile picture of the author TheRichJerksNet
    I started no debate, I made a factual statement - Upgrading to the latest version of something does not make you secured.

    As one warior told me before "Let them be hacked and when they are then maybe they will realize they should have paid for a real solution instead of being cheap".

    James
    {{ DiscussionBoard.errors[1301505].message }}

Trending Topics