05-24-2019, 12:54 PM
(05-23-2019, 10:32 AM)rudra Wrote: "Our whole node has been shifted too from Hostlease to another network because our data was breached multiple times."
Thanks for the info and congratulations on the changes. I would like to know more about the data breach part, if it is possible to disclose. Like what kind of breach it was, how you discovered it, and what makes you think it won't happen at the new provider?
I am always very curious about data breaches at the physical server location and by the providers.
The data breach happened because of unknown reasons. Phishing pages, all similar (Adobe and MS Office login pages), were uploaded multiple times in all my client's cPanel account and were used. I thought it was because of a weak password issue on the client's side, as my client is a well-reputed ex-cyber security analyst. And he was a paid one.
A few months later, the same phishing page was uploaded in my other client's account. Strange? But the same?! This happened multiple times, and both paid and free accounts were included in this. I'd call this a "breach" that either happened from Shadow Hosting's end due to some missing extension or something because of Hostlease (we had to make compromises multiple times because of missing PHP extensions, port issues, etc.).
This also includes one of my websites (personal) getting defaced by a Pakistani hacker "Hunter Bajwa" earlier this month. There might be some vulnerability on my website, right? Well, I don't think so. Because all that particular cPanel account had was a WordPress installation, 1 MySQL database, the Jetpack plugin, the Akismet plugin, and a few popular plugins... I don't think that these plugins hold any vulnerability that can cause my website to get hacked. But what shocked me the most is that there was another phishing page uploaded on that website. So it became pretty much confirmed to me that there is a breach from Hostlease's end, because that cPanel account wasn't linked with WHMCS either (mostly my personal websites are linked as a client in WHMCS).
So a total of 5-6 unknown phishing pages were uploaded in directories which were never made by me nor my even after taking multiple security measures after the first 2 were reported. And one website got defaced and a phishing page was uploaded in the directory.
And finally, I lost months of my subscription money (I paid for a whole year but it was suspended before even 6 months was completed) because the refund was not liable if the terms of service agreement were breached (I was accused so).
But now as I have moved to a new node, there has been no issue so far. I run a monthly check on accounts to see if there is any suspicious file uploaded which breaches Shadow Hosting's or my upstream provider's hosting terms of service agreement.
Premium Web Hosting | ShadowCrypt | Manal Shaikh Official Website
If you find my post/thread useful, you're supposed to +rep me.
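The monthly check for unexpected uploads mentioned in the post above could be automated along these lines. This is an added example, not code from the thread or from Shadow Hosting; the brand keywords, the allowlist of top-level directories, the sample files and the function names are all assumptions.

```python
import os
import re
import tempfile

# Assumed heuristics: brand words from the post plus a password input field.
BRANDS = re.compile(r"adobe|microsoft|office\s*365|outlook", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)
WEB_EXT = {".html", ".htm", ".php", ".phtml"}

def scan_docroot(docroot, known_dirs):
    """Return sorted (relative_path, reasons) for suspicious password forms."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        top = rel_dir.split(os.sep)[0]
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXT:
                continue
            try:
                with open(os.path.join(dirpath, name), errors="replace") as fh:
                    text = fh.read(512 * 1024)  # cap the read per file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if not PASSWORD_FIELD.search(text):
                continue
            reasons = []
            if BRANDS.search(text):
                reasons.append("brand-login-form")
            if top != "." and top not in known_dirs:  # known_dirs is the owner's allowlist
                reasons.append("unknown-directory")
            if reasons:
                findings.append((os.path.normpath(os.path.join(rel_dir, name)), reasons))
    return sorted(findings)

def build_sample_tree(root):
    """Write a constructed sample account: stock pages plus one planted page."""
    planted = '<title>Adobe Document Cloud</title><form><input type="password"></form>'
    samples = {"wp-login.php": '<form><input type="password" name="pwd"></form>',
               "wp-content/index.php": "<?php // Silence is golden.",
               "docs-secure/index.html": planted}
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan_docroot(tmp, {"wp-admin", "wp-content", "wp-includes"}))
```

A hit is a lead for manual review, not proof of compromise; the stock `wp-login.php` is deliberately not reported because it sits in the document root and carries none of the brand words.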