Any thoughts on best practice for hosting companies dealing with the aftermath of hacking exploits?
Two days ago I noticed a Sitepoint member’s site had been hacked. It appears the exploit affected the whole server including the hosting co’s site. The code being generated by hacked pages has changed since it first appeared, the hackers’ tags and a link to an external image having been removed, conceivably as a result of the co’s actions, but the member has not reported receiving any notification of the exploit having taken place and is left to clear up as best he can.
What would you expect from a hosting provider in this scenario? Or if you provide hosting, do you have a policy for this?
I believe each web hosting provider DOES their best to prevent that. BUT users use various web applications, and hackers use the holes in them and hack web sites.
My question here concerns how they deal with the aftermath of exploits rather than how they guard against 'em. Have updated original post to clarify this.
Most hosts will suspend the access rights of the website until the issue has been resolved or communicate the issue with the client and help them resolve the problem (or resolve it themselves) to hopefully ensure it won’t reoccur as a result of using (for example) outdated software. The problem is that if they leave an exploited website running, there’s the potential for (like worms) the exploit to be triggered and affect other people (either visitors being infected by malware or the security of the host being compromised too). It’s a case of isolation, curing the issue, educating on the issue and then resetting the account with new passwords, access rights (etc.) to help minimize the chance of penetration reoccurring. Shame exploits are easy to prevent but many people don’t know about them.
It really depends on what the original issue/exploit actually was as to whether it should have easily been prevented.
Many server-wide exploits I’ve found have been due to providers not upgrading their kernels and restarting their servers periodically for security patches.
There is a lot of anti-hacking software available on the net as well to protect an individual page or website.
Secondly, the domain must be kept locked at the registrar.
Finally, cPanel must have a difficult password also.
Mostly, hosts maintain all server security measures. If anything goes wrong even so, please check the ToS/AUP for the terms.
We think you are talking about damage to your website and business. We think you will not get anything from your host if you ask or claim.
Keep in mind that if you keep regular off-provider backups that the actual damage from such an incident can be limited. Many quality providers run backup systems such as R1Soft where they can keep multiple restore points and as such can restore an entire server back to before a hack exploit or hardware failure if necessary (but don’t rely on it).