Scalable hosting solutions
+1 (866) 894-8284
Loading...
Logging in ... please wait

Scala Hosting – Security made better

The number of attacks on the internet are increasing daily. As a result, more and more web sites are getting hacked and used for various abuse related actions. Those include uploading phishing web sites, sending SPAM, flooding networks, cracking passwords and others. The problem is most of the clients are not tech savvy and they don’t know how to secure their accounts and keep them secure all the time. In that way the attacks happening all the time on the internet will not be able to affect them. A compromised account on the server can cause many problems. First of all, it can SPAM, upload phishing web sites to steal credit cards but it may also be used to compromise other accounts on the server which are not secure. The most recent way used by hackers is creating symlinks to the configuration files of other clients which contain their login information for MySQL. Those details include the database name and the mysql username and password. They can be used to compromise that account. We have an article in our knowledge base about security of web sites which can be accessed at https://www.scalahosting.com/clients/knowledgebase/1/My-account-has-been-compromised-How-do-I-fix-it.html however that article didn’t make our clients to secure all the web sites they host. That is why we decided to do something from our end which would make our clients’ web sites more secure. We implemented a system on all our servers which would find the configuration files of the web sites and change their permissions to 600. That will make those web sites secure and they will not be compromised in case of a local symlink attack which happens very often these days and is widely used. We monitored how the system works and it secured many thousands of web sites across all our servers. We were amazed to see how many insecure web sites are hosted on our servers and we are glad we are able to make them more secure.

We are also adding custom patches for PHP which would give hackers hard time to compromise accounts on our servers. We are updating our mod_security rules as well which will block most of the web attacks.

Clients must still continue to update their scripts and modules to latest version. If they are using an outdated script or module they can still get hacked. Make sure to use hard to guess passwords too.

7 Comments

  1. José

    September 26, 2012 / 10:17

    File and Folder Access Check – Checking if configuration.php is outside of public html

    There are several ways to protect such sensible files from public access, but most of them are not as feasible. A good way to protect your configuration.php file is to simply move it to a non-public folder. However, note that this isn’t a simple copy and paste operation, certain modifications have to be made. Below we will provide step by step instructions on how to achieve this.

    Step 1 : Move configuration.php to a safe directory outside of public_html.

    Step 2: You will have to modify the /includes/defines.php and /administrator/includes/defines.php files, more precisely, this constant:
    define( ‘JPATH_CONFIGURATION’, JPATH_ROOT );

    If, for example you wish to move the file up one level and into a folder named “test” the constant will look like this:
    define( ‘JPATH_CONFIGURATION’, JPATH_ROOT.DS.’..’.DS.’test’ );

    Step 3: Make sure the configuration.php is not writable at all, so that it can not be overridden by com_config.

    Step 4: If you need to change configuration settings, do it manually in the relocated configuration.php.
    Note:
    Using this method, even if the Web server somehow delivers the contents of PHP files, for example due to a misconfiguration, nobody can see the contents of the real configuration file. Having into consideration the downside if not beeing able adjust the global settings it is still a good method of protecting against mallacious attacks.

    Joomla can be used. RSFirewall is a very good protection

    1. Mourad

      September 26, 2012 / 10:50

      Good news and useful post thank you.

    2. Siam Naulak

      September 26, 2012 / 20:49

      This is a good trick, I never know about this. Will try and use it.. thank you so much

  2. Leo Jar

    September 26, 2012 / 11:30

    Very useful, thank you for this, i wanna try this.

  3. .COM kinda guy

    September 26, 2012 / 11:50

    Great work!

    Good news for those who are not tech-savvy, and also good for additional security!

    🙂

  4. miktham

    September 26, 2012 / 18:19

    I had this hacking issue on all my joomla sites recently. this will be great help from scala.

    miktham

  5. Siam Naulak

    September 26, 2012 / 20:50

    Good to hear that we are more safe… cheers!

Write a Comment

Required*