WHM/cPanel broken into by someone

Yes, it can still be broken into, even though we have already tried @IDreg.Net's suggestions, and some of the existing client websites show a page like the following.

Have you checked for backdoors and symlinks?

If you don't mind, could you share a complete tutorial on how to check for backdoors / symlinks?

Because I have already consulted their technical department, and they only gave a few tips, as follows:

Here are some tips to keep your site secure.

1. First thing you need to do is check all vendor/developer sites for ALL web scripts/applications used in your account for any update including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. However, you must check all and keep them up to date. Check the database on www.secunia.com for any known exploits released in public.

2. Once you have verified that 100% of scripts are latest stable, you will need to go through all files of your account and make sure none is uploaded by hackers before you audited or left by you from an old install of an application. There may be files in folders you would never imagine. You can use ftp or cpanel file manager to go through all files under public_html and compare them with your local copy. [You should always maintain a local copy for this comparison as well as backup]

3. Make sure all passwords are mix of alpha-numeric and not a dictionary word. Just because you thought of a difficult word from dictionary does not make you safe.

4. The MySQL database access to all web applications should be using separate db users. Do not ever use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.

5. In your control panel, activate archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, it's too late now but you can archive the logs for future attacks.

6. If you have customized a web application with a mod, make sure it is also latest stable. Many popular web applications may be stable but one of the addon mods is exploitable, which may not be maintained any more.

7. If you have written some code yourself, make sure all input variables are sanitized (checked for valid data before using it). Otherwise a single line of bad code can give access to your entire account. The usual blunder is to include a file based on user input. Again, make sure all input to a script is checked for valid data. All exploits are based on input data. If your site does not take any input, you are 100% safe from web exploits, i.e. if you run 100% static html site with no script whatsoever anywhere in your account.

8. For php, any application that uses register_globals to be active has more chances of being exploitable. Avoid such applications.

9. If you have some mail script, make sure it is safe from header injection. In essence make sure that email address, subject and other part of data that is being submitted by user does not contain line breaks. Some coding assistance is provided on our forums.

10. Using open source free web applications is great but you have to maintain it by regular updates or you can lose all your data and site if a new exploit is known about it. And as a hosting account owner, it is your responsibility that you have installed only stable applications in your account.

11. If your site has been running fine for years, it does not mean there were no security holes in it. It actually means that exploit was unknown or you were lucky that no one exploited it before.

12. For added security, change the permissions of your configuration files (having database credentials etc.) to 660. You can do that via ftp or file manager.

13. For added security, if you can block access to certain administrative sections of your site, do that by giving access to only authorized IP addresses and blocking access for everyone else, or password protect it.

14. If there is any file upload facility in your account, make sure that only authorized members can use it.

Also the uploaded file should not be accessible via web URL directly (i.e. stored outside of public_html) unless

a) it is only uploaded by a site admin (responsible person)
b) checked and validated to be not exploitable

15. If there is any URL forwarding or Web mail facility for your site membership, make sure it is not given to all without proper authorization or it could be used for spamming.

16. If you're just testing / trying something, which only you need and you know you won't actively keep up to date, just lock it behind a password right away.

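
Added example (not part of any post in this thread, and not the hosting provider's code): tip 2 and the backdoor/symlink question above, sketched as a Python audit that compares a downloaded copy of `public_html` with a known-good local copy and flags added files, modified files, and symlinks that resolve outside the site root. The function names and the sample trees built in `demo()` are assumptions made for illustration.

```python
# Added illustration: function names and sample data are assumptions.
import hashlib
import os
import tempfile
from pathlib import Path


def inventory(root):
    """Map each relative path to ('file', sha256) or ('symlink', target)."""
    items = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full):
                items[rel] = ("symlink", os.readlink(full))
            elif os.path.isfile(full):
                with open(full, "rb") as fh:
                    items[rel] = ("file", hashlib.sha256(fh.read()).hexdigest())
    return items


def audit(live_root, clean_root):
    """Compare a copy of the live site against the known-good local copy."""
    live_root = os.path.realpath(live_root)
    live, clean = inventory(live_root), inventory(clean_root)
    report = {"added": [], "modified": [], "symlink_outside": []}
    for rel, entry in sorted(live.items()):
        if rel not in clean:
            report["added"].append(rel)      # not present in the known-good copy
        elif clean[rel] != entry:
            report["modified"].append(rel)   # content or link target differs
        if entry[0] == "symlink":
            target = os.path.realpath(os.path.join(live_root, rel))
            if os.path.commonpath([live_root, target]) != live_root:
                report["symlink_outside"].append(rel)  # resolves out of the site
    return report


def demo():
    """Constructed sample trees: one changed file, one extra file, one symlink."""
    base = Path(tempfile.mkdtemp())
    clean, live = base / "clean", base / "live"
    for root in (clean, live):
        (root / "images").mkdir(parents=True)
        (root / "index.php").write_text("<?php echo 'home'; ?>")
    (live / "index.php").write_text("<?php echo 'home'; /* constructed change */ ?>")
    (live / "images" / "thumb.php").write_text("constructed unexpected file")
    (live / "images" / "root").symlink_to("/")
    return audit(live, clean)
```

Run `audit()` on a copy pulled down over FTP or from a cPanel backup rather than on the server itself; anything listed under `added`, `modified` or `symlink_outside` is what to inspect by hand.
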
If a backdoor has already been successfully planted in your client's SQL database, sir, it looks like things have become troublesome. My advice is that it is better to just reinstall and then restore the backup of all your clients' data.
And don't forget that server hardening is very important, sir :D

Very interesting. This is the umpteenth time I have faced attacks from hackers, and I was kicked out by the hosting provider; I have been able to learn a lot from this.
Luckily it is only one server that I opened to the public for a free trial service, specifically for learning, and I only took it for a few months.
I still don't know how to deal with backdoors or the like; any suggestions, perhaps?

As I posted earlier, sir, the way is to use a server hardening service specifically for web hosting if your knowledge of server management is still lacking :). One company whose server hardening is quite good at a reasonable price, in my opinion, is configserver.com. This company is very reputable because they are the authors of the CSF firewall that all of us (in web hosting circles) use.

Yes, my level is indeed only that of a hosting reseller; understandably, my background is not in IT, I am a spiritualist who wants to dive into the internet world, especially hosting.
Do you mean installing CSF on the server? There is no way I can, because I don't have root access.

OK, if that is the case, then you have to complain to the web host where you bought the reseller hosting, sir; it means their server is not very "secure". Hopefully they can fix it soon. :)

Initially, a few days ago, I terminated hundreds of accounts that had installed phishing scripts, autobot/like scripts, etc. A few days later my WHM login password changed and I could not log in, so I asked the provider to create a new password and send it to my email. That way I could get in; strangely, more than 500 free accounts had been suspended and a page like the one above appeared, but some of the websites were still normal. A few hours later I consulted them about this, they checked it, and they were the ones who told me the account had been hacked; even stranger, they immediately suspended my reseller account as well. Ha..ha.. this is the third time I have been kicked out. But I am staying calm; learning requires sacrifice. I am sure the one who broke in is one of the masters here (not thinking ill of anyone and not accusing).
Yet at the beginning, before that, I had consulted the provider SkyNet: I want to order but I will offer it for free, is that allowed?
They said "Yes, that is fine and it is allowed", but in fact halfway through it was already suspended.
Please close this thread.
Thank you for the input and suggestions; I will continue my wandering in search of a provider that is not so fierce. See you again, my friends..

For free web hosting, the best solution really is to have your own VPS/dedicated server, sir. Alnitech currently has a $39 dedicated server promo if you want to take it; this week is the last of the promo. Hope this helps.
