Incredibly Worrying - Code On Website Is Hacker Friendly

[Grimers]

Hi Steve,

This is something that I need to bring to your attention. I have been in contact with 123 reg recently regarding frequent periods of loss of service with my website. 123 reg has told me this: "I am sorry for all your troubles, however the security of the website falls under your responsibility. We are responsible for the security of the hosting package, you are responsible for the security of the website. The hack was possible as the website has vulnerabilities in its code that were exploited by 3rd parties to hack the website." Obviously, I am quite worried about it and also frustrated that my website is frequently going down because of this.

Do you have any idea on what could be causing this issue? I have tried to convince 123 reg that it is their problem as they host my website, but they said: "With this being said, I'm afraid that we cannot assist you further as we do not deal with website security issues." So, I am stuck because there's no one else but myself and them who is involved with the website.

Thanks for your help!

Kind regards,

William

[steve]

No idea, sorry. "the website has vulnerabilities in its code that were exploited by 3rd parties to hack the website" isn't very useful. Along with hundreds of other Cumulus users, I've been using the standard MX web site for a long time and never been hacked. Just lucky, I guess.

[steve]

One thought - one common thing that allows hackers in on shared hosting is having incorrect file permissions, which can in some circumstances allow other users (i.e.other 123-reg customers) on the same server to modify your files. Possibly some of the files or directories have permissions which are too "loose". Incorrect file permissions doesn't sound like "vulnerabilities in its code", though.

Without knowing the nature of the hack, it's going to be difficult for anyone here to offer any advice. And your post might have been better in the website section of the forum.

[Grimers]

Thanks for your replies, Steve.

It's strange as some of the files aren't affected! Should I completely wipe the website clean and start from the scratch? Cumulus MX seems to be making no effort to upload the missing files even after a restart...

I've attached ftplog.txt. It seems like Cumulus MX is struggling to upload a lot of files...

[steve]

It's because you've got 'delete before upload' selected and the files don't exist on the server. The released code in MX stops if it can't delete the existing file. 'Delete before upload' is not a recommended setting anyway, it's only there for those rare (broken) ftp servers which won't overwrite existing files.

But yes, if you've been hacked (and it's still not clear to me from what you've said exactly what has happened, you should definitely delete all of your files, in my opinion.

[Grimers]

Weird! I've deselected it and now the files are uploading! Thanks for your help!

[Steepleian]

Hi Steve,

This is something that I need to bring to your attention. I have been in contact with 123 reg recently regarding frequent periods of loss of service with my website. 123 reg has told me this: "I am sorry for all your troubles, however the security of the website falls under your responsibility. We are responsible for the security of the hosting package, you are responsible for the security of the website. The hack was possible as the website has vulnerabilities in its code that were exploited by 3rd parties to hack the website." Obviously, I am quite worried about it and also frustrated that my website is frequently going down because of this.

Do you have any idea on what could be causing this issue? I have tried to convince 123 reg that it is their problem as they host my website, but they said: "With this being said, I'm afraid that we cannot assist you further as we do not deal with website security issues." So, I am stuck because there's no one else but myself and them who is involved with the website.

Thanks for your help!

Kind regards,

William

I have just been looking at 123's performance over the past year or two. They don't exactly have a fantastic record themselves on security etc. Maybe there is a bit of paranoia creeping in on their side. Do you have long to go on your contract as it maybe time to have a look round? Another alternative is to host yourself - its incredibly easy and using a RaspberryPi or an Intel NUC or similar low power device very light on the energy use.

Steepleian

[RayProudfoot]

I bought my web address from 123 but I have never used them for hosting. For the last couple of years I've used the service Steve kindly provides and it's great. Click on the link in his signature.

[ConligWX]

Another alternative is to host yourself - its incredibly easy and using a RaspberryPi or an Intel NUC or similar low power device very light on the energy use.
Steepleian

I can second that!

[Grimers]

Thanks for the replies, guys.

Yes, I have thought about hosting myself, would certainly need to look into it as I have very limited knowledge in that area. Steve, if I do leave 123 reg, would you be happy to host my website?

[steve]

Yes,I offer hosting for anyone who uses Cumulus. Details are in a post in the announcement section.