Hello!
First, I confess that I am posting this question out of some degree of laziness, since I am confident that, in time, I'm perfectly capable of discovering the answer on my own. But, appreciating that the subject of server security is a vast and dense subject and confident I have put forward some small token against due diligence by having buried myself in the subject, I'm hoping someone might indulge me a moment and save me some time by pointing me in the right direction.
For the sake of brevity, the short version is that I recently bought a bargain-basement reseller account and have discovered that I am unable to log in securely via "https://myexamplesite.com:2082" (although http works fine). I am severely limited in terms of what I can do with WHM besides apportion disk-space and bandwidth to my domains and lack SSH access, but would prefer to remedy the problem myself if at all possible. Regardless, I want to understand the solution myself, even if my sole recourse is to hassle the guy whom I bought my reseller account from.
Further, this is a subject I've procrastinated on in such a way as to have been given the worst possible impetus to finally get off my duff: previously, my sites had been hosted by a friend with a similar reseller set-up through the same outfit, and I recently returned from a road trip to discover my site had been hacked and subsequently vandalized. Apparently, someone had broken in using r0nin (a rootkit I still haven't been able to learn much about) and from there, deleted half my database, presumably as a courtesy in order that I might finally learn the error of my slothful ways.
Since then, I've moved my sites to different machines, installing my embarrassingly outdated backup databases with fresh copies of my scripts, decent passwords and an attempt to create an automated backup system via cron (which hasn't run successfully yet, perhaps for reasons that relate to my inability to log in securely).
So far, no blood ergo no foul, since this is my hobby and not my livelihood, but if I'm not mistaken, I may as well have simply set everything up with blank passwords and opened up file permissions to the universe at large and its dog, since logging in via http broadcasts everything I do as cleartext.
So, can anyone point me in the right direction?
First, I confess that I am posting this question out of some degree of laziness, since I am confident that, in time, I'm perfectly capable of discovering the answer on my own. But, appreciating that the subject of server security is a vast and dense subject and confident I have put forward some small token against due diligence by having buried myself in the subject, I'm hoping someone might indulge me a moment and save me some time by pointing me in the right direction.
For the sake of brevity, the short version is that I recently bought a bargain-basement reseller account and have discovered that I am unable to log in securely via "https://myexamplesite.com:2082" (although http works fine). I am severely limited in terms of what I can do with WHM besides apportion disk-space and bandwidth to my domains and lack SSH access, but would prefer to remedy the problem myself if at all possible. Regardless, I want to understand the solution myself, even if my sole recourse is to hassle the guy whom I bought my reseller account from.
Further, this is a subject I've procrastinated on in such a way as to have been given the worst possible impetus to finally get off my duff: previously, my sites had been hosted by a friend with a similar reseller set-up through the same outfit, and I recently returned from a road trip to discover my site had been hacked and subsequently vandalized. Apparently, someone had broken in using r0nin (a rootkit I still haven't been able to learn much about) and from there, deleted half my database, presumably as a courtesy in order that I might finally learn the error of my slothful ways.
Since then, I've moved my sites to different machines, installing my embarrassingly outdated backup databases with fresh copies of my scripts, decent passwords and an attempt to create an automated backup system via cron (which hasn't run successfully yet, perhaps for reasons that relate to my inability to log in securely).
So far, no blood ergo no foul, since this is my hobby and not my livelihood, but if I'm not mistaken, I may as well have simply set everything up with blank passwords and opened up file permissions to the universe at large and its dog, since logging in via http broadcasts everything I do as cleartext.
So, can anyone point me in the right direction?
