Web Hosting Nightmare

by on September 16th, 2008

Web hosting has been always a tricky question for webmasters. Sometimes you get satisfied with current hosting provider but its all a matter of time. I have experienced a loss recently. Mistakes might be mine also but some hosts do not cooperate enough to secure you but they leave you in critical time. I will not name the host. But I will reveal a critical situation I have been in. My Web hosting account was hacked. Web host suspended away my account and recommended me to move host.

Possible Reasons Involved

  • I was busy and away from my web account
  • I was using old versions of WordPress software
  • I was not aware of critical threat about website vulnerabilities
  • Too much reliance on host
  • Uploading of different open source software at my web host for checking purpose
  • Uploading of unsecured forms

Consequences

My hosting provider scanned my website and suspended my account. They informed me that there are some malicious scripts at my website. I checked these and deleted which I could find. Soon enough there were more found and support from host told me to move host.

What I had To Do

They suspended my account. My seven websites Including blogs also went down (These were at same web account). I had just Control Panel and ftp access. I downloaded data and databases. Setup blogs at local host. Exported my posts. Got shifted to new host. Transferred domain names. Uploaded new WordPress software. Imported posts. Took long time.

What Web Hosting Providers Could Have Done?
  • They could told me all vulnerabilities and locations of scripts to me so that I could get rid of those
  • They could advise me to download all data and after cleaning upload it
  • They could themselves remove all vulnerabilities as I gave them permission to do so because they are supposed to be more technical in this
After This What I Could Conclude
  • Web host will suspend your account and can delete it anytime whenever they will feel that you are in trouble and they will tell you to move host, doesn’t matter you tell them that you are not quiting and will try to fight back against threats
  • Always upgrade new version of software
  • Get a website scanner and scan website for cross site scripting threat and other vulnerabilities
  • Well manage your .htaccess and robots.txt file
  • Take care about directories and file permissions
  • Do not upload unnecessary open source CMS or scripts for checking unless you know about it fully
  • Get a Unix based web hosting
  • Do not put all websites in one webhosting account (If you have enough budget then I will recommend you to take separate web hosting account for each domain and website)
My Recommendation
  • Get DreamHost Web hosting (Unix Based) Dreamhost Web Hosting
  • Get Website vulnerability scanner Acunetix Cross Site Scripting Scanner Free Version
  • Get latest version of WordPress Download Latest Version
Know More About WordPress Vulnerability

Old wordpress version can get your blog banned from google
WordPress SQL injection vulnerability
Wordpress upgrade importance
Wordpress Vulnerabilities list, Blog watch
Wordpress Exploit Scanner Plugin
How to know that your blog is vulnerable or being hacked


Share