

Constant Phishing Alerts - WHM




Posted by kshazad86, 07-01-2011, 02:46 PM
I've recently been constantly getting a lot of emails from my datacenter saying that particular sites are being used for phishing on my server. When I check this, it always seems that there is a random folder inside particular sites that's being used for phishing, but the problem is how do I put a permanent stop to this?

Posted by m4rc3, 07-01-2011, 05:48 PM
Have your web applications up to date, use mod_security, harden PHP and make the hacked accounts reset all their passwords.

Posted by mellow-h, 07-03-2011, 12:15 AM
Is that a shared server?

Posted by CH-Shaun, 07-03-2011, 02:13 AM
This commonly happens when folder permissions are 777 and file permissions are 666. If you are in a shared hosting environment, I would definitely recommend running PHP scripts under the suPHP handler. This adds an extra security layer since PHP scripts are being executed under the customer's username and group. You won't ever require 666 and 777 permissions if you run suPHP. Also hackers can upload files through insecure upload scripts or outdated PHP scripts. You could even disable some dangerous PHP functions.
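
A way to check a document root for the 777 and 666 permissions described in the post above, as an added example that is not part of any poster's reply. The function names and the demo tree are constructed for illustration, and `-maxdepth` assumes GNU or BSD find.

```shell
#!/bin/sh
# Added example: audit a docroot for modes looser than suPHP needs.
# Function names and the demo tree are constructed for illustration.

# Report directories and files that group or others can write to
# (this covers 777 directories and 666 files).
audit_docroot() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) | sed 's/^/dir  /'
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) | sed 's/^/file /'
}

# PHP files sitting directly inside a loose directory: review these first.
php_in_loose_dirs() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) \
        -exec find {} -maxdepth 1 -type f -name '*.php' \;
}

# Remove group/other write bits only; owner and execute bits are kept.
# Symlinks are skipped because only real files and directories match.
tighten_docroot() {
    find "$1" \( -type d -o -type f \) \( -perm -0020 -o -perm -0002 \) \
        -exec chmod go-w {} +
}

# Constructed demo tree (not real data): one 777 upload directory holding
# a 666 script, next to a correctly permissioned 755/644 pair.
demo=$(mktemp -d)
mkdir -p "$demo/public_html/uploads" "$demo/public_html/wp-admin"
: > "$demo/public_html/uploads/drop.php"
: > "$demo/public_html/wp-admin/index.php"
chmod 777 "$demo/public_html/uploads"
chmod 666 "$demo/public_html/uploads/drop.php"
chmod 755 "$demo/public_html" "$demo/public_html/wp-admin"
chmod 644 "$demo/public_html/wp-admin/index.php"

audit_docroot "$demo/public_html"
php_in_loose_dirs "$demo/public_html"
tighten_docroot "$demo/public_html"
audit_docroot "$demo/public_html"   # prints nothing after tightening
rm -rf "$demo"
```

Run the audit against one account's document root at a time and read the report before calling `tighten_docroot`, since files that appear in it may be ones you want to inspect or remove rather than keep.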

Posted by kshazad86, 07-04-2011, 07:03 AM
The server is already running suPHP; the problem especially happens on a WordPress-based site. Which folder should I change the permissions on? wp-include? wp-admin?

Posted by drspliff, 07-04-2011, 10:10 AM
Change the permissions for the whole filesystem to '000'.

Posted by kshazad86, 07-04-2011, 12:02 PM
Would that not prevent read access?

Posted by madaboutlinux, 07-05-2011, 06:20 AM
If you are running SuPHP, you shouldn't set 777 permissions for a directory; in fact, it will generate an Internal Server Error. It is possible that those accounts' access details are compromised. Have you checked the logs to see how those phishing files were uploaded, or whether any of your website applications were hacked, allowing the files to be re-uploaded?

Posted by CH-Shaun, 07-05-2011, 08:08 AM
Perhaps you're running outdated versions of WordPress? Have a look through your WordPress plugins. Sometimes plugins can be exploited if they are outdated. Don't chmod files/folders to 000.

Posted by drspliff, 07-05-2011, 08:30 AM
It's like the Darwin Award for server management


