Welcome to the JaguarPC Community

This is a discussion on vps hacked in the VPS & Dedicated forum

  1. #1
    take it easy ... arianetwork's Avatar
    Join Date
    Mar 2006
    Location
    Hungry
    Posts
    107

    vps hacked

    All of the sites in my VPS were hacked. Today some of one hack again "ssme.ir".
    Jaguar security is very poor. My email and client login were hacked too.
    https://secure.jaguarpc.com/newjpc/clients/index.php
    I cannot log in.
    Why is my VPS hacked?
    I'm so sorry. My capital and my credit lost.
    Please help me faster.
    Last edited by arianetwork; 03-28-2006 at 01:47 AM.

  2. #2
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    JPC security is, in my experience, pretty good, but running websites is risky business. Are you running any kind of forum, blog, or CMS system on your VPS (or do you have a client that is)? These kinds of software tend to be targets of hackers because they are widely used and often easy to exploit.

    Also, since you are on a VPS, are you keeping your software up to date? Do you rely on JPC to make updates? If so, are you sure they are happening on a regular basis? I'm not entirely sure of how it works, but I think that with VPS you might need to ask support to make updates when they're needed. I'm not sure that they're done automatically.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com

  3. #3
    take it easy ... arianetwork's Avatar
    Join Date
    Mar 2006
    Location
    Hungry
    Posts
    107

    aria network

    Thanks a lot for your reply.
    Last edited by arianetwork; 03-28-2006 at 07:58 AM.

  4. #4
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    Some hosts ban certain pieces of software because of the security risks associated with them. Even JPC does this to a limited extent (they've banned scripts named formmail in the past because of the risks associated with older versions of formmail.cgi). If you decided to do this you have to be careful--any piece of software can potentially be exploited, but every time you ban a popular program you also decrease your customer base or upset your current customers.

    What I am getting at is that, no matter how secure you make it, as long as you have other people installing software it is impossible to have a totally secure system.

    There are things that you can do to improve security, though. One thing to consider would be to switch to CGI mode for PHP (as JPC is beginning to do). That way scripts would be run under their owners' UID so an exploit to one site would be limited to only that site. You can also educate your users on the need to make regular updates and maybe you could even provide a notification service to let them know when new versions of common software are available. You could even market that as a feature of your service--I don't know of any hosts offering that kind of thing.

    I would talk with JPC support on Monday. They manage many servers and have to deal with these same issues all the time. I'm sure they'd be willing to give you some pointers.

    --Jason

    P.S.: Another piece of advice: don't use the same password on your site as you do for the client area. As you found out, if someone cracks your site password, they can potentially do anything with your account if both are the same.
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com

  5. #5
    take it easy ... arianetwork's Avatar
    Join Date
    Mar 2006
    Location
    Hungry
    Posts
    107
    Thanks a lot for your reply.
    Last edited by arianetwork; 03-28-2006 at 07:57 AM.

  6. #6
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    I have contacted support and asked that they contact you at the email address you PMed to me.

    I am going to sleep now, so I won't be able to see any replies to the ticket until morning.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com

  7. #7
    the Windlord Gwaihir's Avatar
    Join Date
    Jun 2002
    Posts
    2,562
    An upsetting and tragic matter to you, no doubt.

    I am a good bit surprised though how someone who hacked your account got access to your JagPC customer account on JagPCs own server as well. There shouldn't be an (unencoded) password for that anywhere on your VPS, I think. Or did you leave it there yourself, in an e-mail stored on the server for example?


    To supplement what Jason said: indeed you can't go around banning lots of popular software. But usually it is enough to require your users to stay reasonably up to date. For example: when there was a big phpBB exploit going around, JagPC also told everyone to upgrade to the latest, safe version and shortly after shut down any old versions left on the systems.
    Regards,

    Wim Heemskerk
    ---
    Visit MeCCG.net - Cardgaming in J.R.R. Tolkien's Middle-earth
    And Gwaihir.net - The Middle-earth CCG store

  8. #8
    Darth Admin (aka Jag) JPC-Greg's Avatar
    Join Date
    Sep 1998
    Posts
    5,201
    Sounds to me either someone has access to your email or knows your passwords from a previous host. It's happened before, a small host is upset about the loss of a client and decides to do some rather unethical and illegal retaliation to a client. The client moves from the host thinking there's no problem with keeping the same passwords they had before at the previous provider.

    Not saying that has happened to you but it's something to keep in mind. Always update your passwords routinely.
    Greg L. | Chief Executive Officer
    JaguarPC.com


  9. #9
    take it easy ... arianetwork's Avatar
    Join Date
    Mar 2006
    Location
    Hungry
    Posts
    107

    Backup

    Hello,
    After 48 hours no one in Jaguar backup for me. I opened many tickets and sent many emails to Jaguar but no one backup for me.

  10. #10
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Hey, arianetwork, are you from Texass by any chance?
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010

  11. #11
    Yeah, I know a LOT! Vin DSL's Avatar
    Join Date
    Mar 2003
    Location
    Arizona Uplands
    Posts
    10,775
    Thanks for clearing that up, my friend!
    DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient.

    No Guts, No Story! VinDSL © 2010

  12. #12
    Community Leader jason's Avatar
    Join Date
    Sep 2001
    Location
    Rochester, NY
    Posts
    6,003
    JPC isn't responsible for doing backups, the site owner is. This applies to shared, SDX, VPS, dedicated, and colo clients. JPC does backups of servers in case a hardware failure or human error causes files to be lost, but they do not, as a general rule, restore files for users. If you want them to do this (and they have the files--they make no guarantees that they will), I believe there is a pretty hefty charge.

    Your best bet, for future peace of mind, is to buy some additional space on one of the backup servers and set up a cron job to do automatic backups every day. That way you'll be back up and running again within a few hours if something like this ever happens again.

    --Jason
    Jason Pitoniak
    Interbrite Communications
    www.interbrite.com www.kodiakskorner.com
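
The daily cron backup suggested in the post above, sketched as an added example (not code from the thread or from JaguarPC). The paths, the `site-` file naming, the retention count and the use of GNU `sha256sum` are assumptions; the destination is assumed to be a directory on, or mounted from, the backup server.

```shell
#!/bin/sh
# Added example: daily site backup with integrity check and rotation.
# Hypothetical crontab entry (path and schedule are placeholders):
#   15 3 * * * /home/USER/bin/backup_site.sh /home/USER/public_html /mnt/backup 7

# backup_site SRC_DIR DEST_DIR [KEEP]
# Writes DEST_DIR/site-YYYYmmdd-HHMMSS.tar.gz and a .sha256 file, then keeps
# only the newest KEEP archives. Prints the archive path on success.
# The body runs in a subshell so umask and variables do not leak to the caller.
backup_site() (
    src=$1; dest=$2; keep=${3:-7}
    [ -d "$src" ] || { echo "source $src missing" >&2; exit 1; }
    umask 077                      # archives can contain configs and passwords
    mkdir -p "$dest" || exit 1
    stamp=$(date +%Y%m%d-%H%M%S)
    name="site-$stamp.tar.gz"
    tmp="$dest/.partial-$stamp.tar.gz"
    # Build under a hidden name so a failed run never looks like a good backup.
    tar -czf "$tmp" -C "$src" . || { rm -f "$tmp"; exit 1; }
    gzip -t < "$tmp" || { rm -f "$tmp"; exit 1; }
    mv "$tmp" "$dest/$name" || exit 1
    ( cd "$dest" && sha256sum "$name" > "$name.sha256" ) || exit 1
    # Rotation: names sort by timestamp, so list newest first and
    # delete everything after the KEEP-th entry.
    ls -1 "$dest"/site-*.tar.gz | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do rm -f "$old" "$old.sha256"; done
    echo "$dest/$name"
)

# verify_backup ARCHIVE
# Returns 0 only if the archive still matches the checksum recorded at
# backup time. Run this before restoring after an incident.
verify_backup() (
    cd "$(dirname "$1")" || exit 1
    sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1
)

# When run as a script with arguments, perform one backup.
if [ $# -ge 2 ]; then backup_site "$@"; fi
```

Checksums stored next to the archive only detect corruption; if an intruder can write to the backup location, keep the `.sha256` files somewhere the web account cannot reach.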

  13. #13
    take it easy ... arianetwork's Avatar
    Join Date
    Mar 2006
    Location
    Hungry
    Posts
    107
    I submit Cancellation Form and request to remove my VPS. Jaguar sometimes answered my VPS too late and when answered I was confused. Sometimes they answered my ticket very well. Anyway, Jaguar have best support.
