ScalaHosting – Security Made Better
The number of attacks on the internet are increasing daily. As a result, more and more web sites are getting hacked and used for various abuse related actions. Those include uploading phishing web sites, sending SPAM, flooding networks, cracking passwords and others. The problem is most of the clients are not tech savvy and they don’t know how to secure their accounts and keep them secure all the time. In that way the attacks happening all the time on the internet will not be able to affect them. A compromised account on the server can cause many problems. First of all, it can SPAM, upload phishing web sites to steal credit cards but it may also be used to compromise other accounts on the server which are not secure. The most recent way used by hackers is creating symlinks to the configuration files of other clients which contain their login information for MySQL. Those details include the database name and the mysql username and password. They can be used to compromise that account. We have an article in our knowledge base about security of web sites which can be accessed at https://www.scalahosting.com/kb/my-account-has-been-compromised-how-do-i-fix-it/ however that article didn’t make our clients to secure all the web sites they host. That is why we decided to do something from our end which would make our clients’ web sites more secure. We implemented a system on all our servers which would find the configuration files of the web sites and change their permissions to 600. That will make those web sites secure and they will not be compromised in case of a local symlink attack which happens very often these days and is widely used. We monitored how the system works and it secured many thousands of web sites across all our servers. We were amazed to see how many insecure web sites are hosted on our servers and we are glad we are able to make them more secure.
We are also adding custom patches for PHP which would give hackers hard time to compromise accounts on our servers. We are updating our mod_security rules as well which will block most of the web attacks.
Clients must still continue to update their scripts and modules to latest version. If they are using an outdated script or module they can still get hacked. Make sure to use hard to guess passwords too.