Continual non valid log ins
Background: Created many websites for dog breeders nearly 12 years ago and began reselling hosting with NO ISSUES until this past year. These dog breeders were all friends, I have no outside clients. Now host 60 sites for "friends", All minor websites with basic HTML with only 3-5 hosting any WP script or other softaculous script. Scripts are kept up to date
After 12 years with the same host as a reseller - I began having issues with New files being added for phishing websites
I have scanned local computers with norton and malwarebytes repeatedly
I've changed client passwords and host passwords
Assuming it was a server side issue - I moved hosts, I'm still having issues
I have set all accounts to FORCE PASSWORD CHANGE via WHM
The password modifications come for ALL accounts whether html sites or WP sites
I've blocked MANY IP addresses, new IP's invade daily
Password Change Notifications read like this generally
You have successfully updated your password for the following services:
[LIST]
ftp
mail
MySQL
postgresql
system
webdisk (digest)
If you initiated this change, disregard this email. If you did not initiate this change, contact your system administrator.
This notice is the result of a request made by a computer with the IP address of "105.105.54.231" through the "cpanel" service on the server.
The remote computer"s location appears to be: Algeria (DZ).
The remote computer"s IP address is assigned to the provider: "ADSL BATNA Algerie Telecom"
The remote computer"s network link type appears to be: "generic tunnel or VPN".
The remote computer"s operating system appears to be: "Windows" with version "7 or 8".
The system generated this notice on Sunday, July 23, 2017 at 8:18:29 AM UTC.
I have exhausted everything my host has suggested I do - including setting up Cloudflare
Does anyone have any guidance for a green reseller?
-
Hello, It's difficult to know for sure how the websites were exploited, as they requires root access to the system to review access logs. However, you may find the following threads helpful for preventing future attacks: Best Practice: Securing WordPress Installation How to set up protection on Wordpress Thank you. 0 -
Thank you Not all sites that are attacked are Wordpress sites Would the sites with wordpress allow access to non wordpress? 0 -
Hello, It's not likely, but it's difficult to know for sure without root access to the server to review the Apache access logs. I recommend reaching out to your hosting provider to see if there's any more information they can provide you regarding the attack. Thank you. 0
Please sign in to leave a comment.
Comments
3 comments