Knowledgebase: General
Account Security
Posted by on 06 December 2012 05:21 PM

We deploy multiple levels of security here at Arvixe to protect your accounts data. It's important to remember though, that a secured server will not fully protect you from an account becoming compromised, if the scripts running are vunerable, or your PC itself is compromised. 

A few common reasons an account could become compromised include:

  • Weak FTP password that can be guessed by a hacker (choose a strong password and we recommend connecting using SFTP)
  • Loose permissions on folders that can allow hackers to upload malicious content (check and make sure that file permissions are set to 644 and folder permissions are 755). 
  • Outdated software (plugins, addons, themes, etc) that has security vulnerabilities that are not patched (make sure that all scripts on the account are up to date and have the most recent security patches). If you are no longer using a script, we recommend uninstalling it as soon as possible. 
  • Infected computer uploading data to the site that is becoming infected itself. (It is best to scan your computer for Malware using Malwarebytes, Spybot, and NOD32 to remove any malicious pieces of software that may be the culprit) Test your pc here (use full scan/clean options): http://www.eset.com/online-scanner 

Malware monitoring and cleanup:

We have a partnership with a company called Securi, which provides malware monitoring and exploit cleanup services for a fee. They can be reached at go.arvixe.com/sucuri

IMPORTANT: Once your account has been compromised, it is very likely that the intruder will leave a backdoor to easily gain access later. That’s why only fixing your vulnerable code might not be enough. Finding the backdoors will be time-consuming and expensive (requiring a professional developer). That’s why you might prefer to start your site from scratch.

Unfortunately the help we can provide in these situations are limited as there are just to many variables that we do not control. You can submit a ticket to our support system to perform a Linux Malware Detect scan on your hosting account and have us quaritine some of the exploited files, but you will still need to identify how the account was compromised in the first place. You can also restore a backup of your account from within your control panel under R1Soft. 

Specifc tips to hardening certain scripts:

Wordpress
  • Upgrading (http://blog.arvixe.com/how-to-update-wordpress-to-latest-version/)
  • Hardening (http://codex.wordpress.org/Hardening_WordPress)

Joomla 

  • Upgrading (http://docs.joomla.org/Upgrade_Instructions)
  • Hardening (http://docs.joomla.org/Security_Checklist/Joomla!_Setup) 


(20 vote(s))
Helpful
Not helpful

Comments (8)
John Sands
07 November 2013 08:54 PM
Thank you for this information but there are parts that I do not understand or which are not applicable.
My websites have been created using RV Sitebuilder. References to FTP password are therefore meaningless to me. How is it possible to obtain the FTP passwords used within RV Sitebuilder?
Regards
John Sands
Michael Carr
20 November 2013 11:02 AM
RVsitebuilder will simply create site files for you and save them in your web root. There is no special FTP account to access those files, you will simply connect using the default FTP details (same login/pw as the control panel) and you will be able to view all of your files.
winex
11 December 2013 05:34 PM
Thanks, very good info. Arvixe have all the best things!
ANTHONY ABOH
12 June 2014 11:07 AM
I have changed my password to a strong one. Dont know what else to do
Michael Carr
20 June 2014 10:18 AM
Ensure that your local computer is free of viruses by running a scan of your local system. We can also scan your account for back doors, simply contact support for that request.
Ana
05 November 2014 12:16 AM
So what are the detailed security functions of Arvixe?
Ken Davies
16 February 2015 06:10 AM
So I changed pass word for my web site. Same thing happened. Someone in fact made 2 new pages about woman's hand bags, and my site is all about Kayaks. Sick of this.
Ryan C
26 February 2015 02:40 PM
I'm afraid there is more to security than simply changing yoru accounts password, for example for just the control panel and maybe the script (ex: Wordpress, Joomla, etc). You need to closely follow this guide to ensure your account remains secure.

Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).