
This is a discussion on Survey for Jaguar techs on Hacked Servers/Accounts. in the Open Discussion & Chit-chat forum

  1. #1
    thecoalman (Nearly 100% Pure Carbon) | Join Date: Nov 2007 | Location: Northeast Pennsylvania | Posts: 529

    Survey for Jaguar techs on Hacked Servers/Accounts.

    Just curious, but in your experience what is the most common way a server/hosting plan is exploited?

    Brute force and hacked because of poor passwords?
    Vulnerability in a public script?
    Something else?

    If you could suggest one single thing you should be doing what would it be?

  2. #2
    gohighvoltage (Voluntarily Retired) | Join Date: Jan 2011 | Posts: 641
    Hi TheCoalman, the most common way a server is exploited is public scripts. Then it would be poor passwords second (which can vary if you really have a poor password).

    This is from what I have seen from experience and talking with other IT technicians. Hopefully Jag support can confirm as well?

    Some recommendations:

    • I would use strong passwords, with capital, lower case, numbers and symbols for a password. Something at least 8 characters long.
    • I would make sure all scripts you use are up to date, and constantly updated for security exploits.
    • You should install the mod_security Apache module during the EasyApache build process to help prevent exploitation of vulnerable web scripts, together with a set of SecFilters.
    • You should modify /usr/local/lib/php.ini and set:
      enable_dl = Off
      This prevents users from loading PHP modules that affect everyone on the server. Note that if you use dynamic libraries, such as ioncube, you will have to load them directly in the PHP configuration (usually in /usr/local/lib/php.ini).
    • You should modify the PHP configuration and disable commonly abused php functions, e.g.:
    • To prevent PHP scripts from straying outside their cPanel account, you should check WHM > Security Center > php open_basedir Tweak
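
An added example, not part of gohighvoltage's post or of JaguarPC's tooling: a small auditor that reads php.ini text and reports whether the `enable_dl` and `disable_functions` recommendations above are in place. The post's own function list is not on the page, so the `EXPECTED_DISABLED` set is an assumption made here, and the sample files are constructed; `open_basedir` is not checked because the post sets it through WHM.

```python
# Audits php.ini text for two settings recommended in the post above.
# Assumption: the post's own function list is not on the page; this set of
# command-execution functions is chosen here for illustration.
EXPECTED_DISABLED = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}
FALSY = {"off", "0", "false", "no", "none", ""}  # values PHP reads as boolean false

def parse_php_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";[" or "=" not in line:
            continue  # blank line, comment, section header, or not an assignment
        key, _, value = line.partition("=")
        # Simplification: treats any ';' as a comment start, even inside quotes.
        settings[key.strip()] = value.split(";", 1)[0].strip().strip('"')
    return settings

def audit(text):
    """Return a list of findings; an empty list means both checks pass."""
    s = parse_php_ini(text)
    findings = []
    # enable_dl defaults to on when the directive is absent.
    if s.get("enable_dl", "1").lower() not in FALSY:
        findings.append("enable_dl is not Off: dl() can load extensions at runtime")
    disabled = {f.strip().lower() for f in s.get("disable_functions", "").split(",")}
    missing = sorted(EXPECTED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions lacks: " + ", ".join(missing))
    return findings

# Constructed sample inputs (not taken from any real server).
WEAK_INI = """[PHP]
enable_dl = On
disable_functions =
"""
HARDENED_INI = """[PHP]
enable_dl = Off  ; extensions such as ioncube are loaded from php.ini instead
disable_functions = exec, passthru, shell_exec, system, proc_open, popen
"""

if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit(ini) or "OK")
```

To audit a real server, pass the contents of the php.ini the post names (/usr/local/lib/php.ini) to `audit()`.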

  3. #3
    thecoalman (Nearly 100% Pure Carbon) | Join Date: Nov 2007 | Location: Northeast Pennsylvania | Posts: 529
    Quote, originally posted by gohighvoltage:
    "I would use strong passwords, with Capital, Lower case, numbers and symbols for a password. Something at least 8 characters long."
    I use KeePass to generate and store passwords and they are much longer than 8 characters.

    I must have ESP because just after I posted this it came to my attention that an email account I had quickly set up for testing purposes, and forgot to delete afterward, was being exploited.

  4. #4
    JPC-Veena (JPC Dream Team) | Join Date: Sep 2002 | Posts: 572
    Quote, originally posted by thecoalman:
    "If you could suggest one single thing you should be doing what would it be?"
    Please keep all the public apps/forums/CMS etc. on the account updated diligently and look out for new vulnerabilities listed for them.
    Veena K John
    Jaguar Technologies, LLC.
