Portal Home > Knowledgebase > Articles Database > Is it possible that your host HACK you ?
Is it possible that your host HACK you ?
| Posted by HostingTiger, 11-20-2014, 03:45 PM |
| I wake up on a friends msg at 3 am who told me that my website is down.
I tried to log in to my server user's account to find the password changed ! It was a computer generated complex password.
I quickly logged to my email , to find intruder tried to hack it as well , but failed. I reset my server account password to find hacker deleted my website root folder.
He didnt do anything else , didnt even open my emails.
How the hell had he known my passowrd ?? I used to be a hacker so I never write important passwords on my friends or public computers.
I dont think there is any connection between my website and host users area ? No ?
I suspect my host did this so I pay $50 for restore ? The only thing that makes me think it is not my host ,is that hacker tried to hack my email.. Which is not the interest of my host.
I am not crazy..Forex companies do that all the time to make their winning clients lose money.. They log in with a "supposed" hacker and open bad trades..
I installed WP all in one security and succuri..I also made 2 steps login on my host and gmail (I have to enter a generated code on my mobile)..
Can anyone help me to further secure my website ? I cant sleep properly (if at all)
|
| Posted by ServerSam, 11-20-2014, 03:52 PM |
| I wouldnt say its impossible for a host to hack you, but if the host really wanted to hack you, they can just login to your sever without having to "try" to login multiple times.
I would recommend you check your computer to make sure there are no malware/viruses that may be being used to steal your passwords as you type them.
|
| Posted by HostingTiger, 11-20-2014, 03:59 PM |
| I dont think hacker tried to log multiple time..just once to my server. I am very wary of keyloggers and I have antivirus..and if that was the case hacker would have got my gmail password.
|
| Posted by Mohammed H, 11-20-2014, 04:46 PM |
| Hello,
if you are on shared host and your host don't have a well secured system. another malicious user can hack into your site using php/perl shells and symlink vulnerability (assuming your host is not using CloudLinux/CageFS. just a plain system with cpanel/directadmin)
Highest Regards
Mohammed H
|
| Posted by HostingTiger, 11-20-2014, 04:54 PM |
| It is $70 a month cloud VPS..my name is Mohammad too btw.
What i cant fathom is thr connection between cpanel/ftp and my server users area! the 2 should be totally separated.
|
| Posted by victormeldrew, 11-20-2014, 04:56 PM |
| You host as access to everything and they can check the logs to see how it happened
|
| Posted by HostingTiger, 11-20-2014, 04:59 PM |
| they confirmed that someone changed the passwoŕd after 3 months no change..what info i can request from them ??
|
| Posted by Andei, 11-20-2014, 04:59 PM |
| But if it was indeed the host that hacked him then they won't help him with any info from the logs, of course...
|
| Posted by victormeldrew, 11-20-2014, 05:02 PM |
| They should know how they got in and there I.P
|
| Posted by HostingTiger, 11-20-2014, 07:00 PM |
| They gave me Hacker IP , which was the last one who logged to my Cpanel before I jump in
180.234.20.73
180.234.230.48
It is a guy from Bangladesh..I deal with several Bangladesh developpers and give them cpanel pass.
I emailed Freelancer.com support to help me Identify him and I gave them screenshot from Siteground investigation.
Should be interesting
|
| Posted by Andei, 11-20-2014, 07:03 PM |
| So you web hosting provider didn't hack you, all is good with the world again.
It's quite weird you would instantly assume your hosting provider hacked you since you very well knew that you've given several freelancers your cpanel login details...
|
| Posted by victormeldrew, 11-20-2014, 07:04 PM |
| You should not give anyone your cpanel password you cant trust anyone.
If you do need help use something like team viewer, so you can share the screen that way you don't have to give details out and can watch what they do.
|
| Posted by HostingTiger, 11-20-2014, 07:15 PM |
| I just suspected..didn't accuse or say names. I find it hard to believe that someone with cpanel pass can get user area pass ! Thats why I am suspicious.
Can anyone recommend me an FTP login alert ? That sends me email alert when someone login ?
|
| Posted by Andei, 11-20-2014, 07:30 PM |
| Just FYI FTP login is also very unsafe, since they can simply upload a shell script and instantly gain access to your entire cPanel account, and even entire server if your web host is sloppy on security.
What I'd really recommend when working with freelancers is having two entirely separated hosting accounts... one production to which only you have access to, and one for development to which you give access to freelancers.
|
| Posted by DatServer, 11-20-2014, 10:22 PM |
| I don't think the host can hack you. Try checking your server logs.
|
Add to Favourites 
Print this Article
Also Read
Shared Hosting
Shared Hosting
