05-24-2019, 01:42 PM
(05-24-2019, 12:54 PM)Manal Wrote: The data breach happened because of unknown reasons. Phishing pages, all similar (Adobe and MS Office login pages), were uploaded multiple times in all my client's cPanel account and were used. I thought it was because of a weak password issue on the client's side as my client is a well-reputed ex-cyber security analyst. And he was a paid one.
A few months later, the same phishing page was uploaded in my other client's account. Strange? But the same?! This happened multiple times and both paid and free were included in this. I'd call this a "breach" that either happened from Shadow Hosting's end due to some missing extension or something because of Hostlease (we had to make compromises multiple times because of missing PHP extensions, port issues, etc.).
This also includes one of my websites (personal) getting defaced by a Pakistani hacker "Hunter Bajwa" earlier this month. There might be some vulnerability on my website, right? Well, I don't think so. Because all that particular cPanel account had was a WordPress installation, 1 MySQL database, the Jetpack plugin, the Akismet plugin, and a few popular plugins... I don't think that these plugins hold any vulnerability that can cause my website to get hacked. But what shocked me the most is that there was another phishing page uploaded on that website. So I became pretty much convinced that there is a breach from Hostlease's end because that cPanel account wasn't linked with WHMCS either (mostly my personal websites are linked as a client in WHMCS).
So a total of 5-6 unknown phishing pages were uploaded in directories which were never made by me nor my even after taking multiple security measures after the first 2 were reported. And one website got defaced and a phishing page was uploaded in the directory.
And finally, I lost my months of subscription money (I paid for a whole year but it was suspended before even 6 months were completed) because the refund was not liable if the terms of service agreement were breached (I was accused of that).
Yes, when abuse is made, a refund is no longer in place, or after 14 days after purchasing a product from us. The Reseller (main user of those accounts) is the one who takes care of their users, not us (me or my staff members, only if I or my staff, nor we are we must suspend the specific websites where suspicious files are being uploaded. We also got a fine from OVH about this, so our suspension was very much needed.
But now as I have moved to a new node, there has been no issue so far. I run a monthly check on accounts to see if there is any suspicious file uploaded which breaches Shadow Hosting's or my upstream provider's hosting terms of service agreement.
[/quote]
I also no longer allow the provision of Free Hosting because the abuse is highly sought after by hosting providers. When OVH sent me the notifications I also carried out my security update on our system, but the hackers failed to break through the security, so it certainly can't be my security system. As a provider we are not liable for damage / suspension / personal injury. I hope that @Manal can grow better with his new providers. I think it is a shame that this unfortunately had to happen. Yet again, @Manal is a very good guy.