Reseller - Phishing Accounts

Discussion in 'Security' started by S3RCE, Jun 16, 2016.

  1. S3RCE

    S3RCE Registered

    cPanel Access Level:
    Reseller Owner
    Hi all!

    I've got a bit of an issue which is bugging me. I've been doing some website designs and for the past few years have been doing reseller hosting accounts for some of my clients and for myself.

    I have a reseller account, which for the past couple of months has been giving me an absolute headache!

    I keep on getting notifications which say that a domain has some phishing content and that the content must be removed - which at this point they suspend the account.

    I have changed cPanel passwords, FTP passwords and even email passwords and cannot seem to locate how these phishers get into my account to upload content.

    I smell something phishy.. as my provider constantly asks me to use their protection service; and also the fact that they want to charge me for any type of 'looking into' that they want to do.

    Any help/suggestion etc will be greatly appreciated. I'm looking to move away from my provider for this reason!

    Thanks
     
    #1 S3RCE, Jun 16, 2016
    Last edited by a moderator: Jul 5, 2016
  2. amdbuilder

    amdbuilder Member
    PartnerNOC

    cPanel Access Level:
    DataCenter Provider
    Did you check the site for any exploit files and/or backdoors that would allow them to upload files? It sounds like you are doing ok with the account security.
     
  3. S3RCE

    S3RCE Registered

    cPanel Access Level:
    Reseller Owner
    Hi Amdbuilder,

    Yes - the funny thing is, some accounts which have no content in have been compromised. This is the bit I don't understand!

    My hosting provider are useless and want to charge me for every single account to have it looked into and keep on referring me to use one of their services - which I think they have an affiliation to.

    So I'm a bit lost as to how they can get in, upload content and leave!
     
    #3 S3RCE, Jun 18, 2016
    Last edited by a moderator: Jul 5, 2016
  4. twhiting9275

    twhiting9275 Well-Known Member

    cPanel Access Level:
    Root Administrator
    Don't blame your hosting provider for your inability to keep things up to date and secure. Obviously, you've missed something, somewhere.
     
    #4 twhiting9275, Jun 18, 2016
    Last edited by a moderator: Jul 5, 2016
  5. S3RCE

    S3RCE Registered

    cPanel Access Level:
    Reseller Owner
    Hi twhiting9275 - thanks for your constructive response....

    I don't think I've missed anything anywhere. I do periodic password changes, recently changed all passwords on all reseller accounts to 20+ characters, deleted the FTP accounts and somehow I'm still getting files uploaded.

    I've never had this issue up until a few months ago, and when it happens, it constantly happens all together.

    If it was one particular account I can maybe say the client side was infected - but it's happening on several accounts.

    I seriously don't know where to turn. Are there any security measures/addons I can get installed for things like this to stop happening? Or maybe block out any IPs that are uploading content.

    I don't want to pay my hosting provider $1 because of the service that I'm getting from them. A few years ago they were good, now their support, service is going downhill. Sometimes waiting over 30 minutes to be connected to their online support.
     
    #5 S3RCE, Jun 18, 2016
    Last edited by a moderator: Jul 5, 2016
  6. S3RCE

    S3RCE Registered

    cPanel Access Level:
    Reseller Owner
    So no one has any idea about this?
     
  7. amdbuilder

    amdbuilder Member
    PartnerNOC

    cPanel Access Level:
    DataCenter Provider
    There are other methods to gain access, for example the Remote Access Key in WHM or SSH Keys in the accounts. I'm not familiar with your hosting provider's client area, but if you can access your account from it that's another possible entry point.

    You are going to be somewhat limited in what you can install/do to protect your sites as a reseller. If you aren't getting the level of support or assistance from your hosting provider to resolve the problem, you may want to consider changing hosts.

    [Removed Reference To Specific Feature - Discussion of specific hosting providers is not permitted on the cPanel forums]
     
    #7 amdbuilder, Jun 22, 2016
    Last edited by a moderator: Jul 5, 2016
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    cPanel Access Level:
    Root Administrator
    Hello,

    It's difficult to troubleshoot this type of issue if you do not have root access to the system. Have you asked your provider for additional information on the files that were uploaded, including relevant Apache log entries for the account?

    Thank you.
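
One way to use the Apache log entries requested above, as an added example that is not part of any poster's message and is not cPanel tooling: for each file the provider reports, it lists successful POST/PUT requests shortly before the file was first served. The log lines, paths, function names and the 30-minute window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Jun/2016:02:10:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Jun/2016:02:11:30 +0000] "POST /old-plugin/upload.php HTTP/1.1" 200 35 "-" "curl/7.40"
198.51.100.9 - - [14/Jun/2016:02:12:05 +0000] "GET /secure/login.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Jun/2016:09:00:00 +0000] "GET /bank/index.html HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(log_text):
    """Yield (timestamp, ip, method, path, status) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        yield ts, m["ip"], m["method"], m["path"].split("?", 1)[0], int(m["status"])

def upload_candidates(log_text, reported_paths, window_minutes=30):
    """Map each reported file to the successful POST/PUT requests seen in the
    window before it was first served. An empty list means the log shows no
    HTTP upload, so review non-web access (SSH keys, remote access key,
    control panel logins). None means the file was never served in this log."""
    entries = sorted(parse(log_text))
    result = {}
    for path in reported_paths:
        first = next((e[0] for e in entries if e[3] == path and e[4] == 200), None)
        if first is None:
            result[path] = None
            continue
        start = first - timedelta(minutes=window_minutes)
        result[path] = [
            (e[1], e[2], e[3]) for e in entries
            if start <= e[0] <= first and e[2] in ("POST", "PUT") and 200 <= e[4] < 400
        ]
    return result
```

An empty result for an account with no site content, as described earlier in the thread, is consistent with the non-HTTP entry points amdbuilder lists.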
     
  9. georgeb

    georgeb Well-Known Member

    cPanel Access Level:
    Root Administrator
    A user is just a user, the server administrator should go over user to protect user account and server.....That is called professional !!! The admin should inform user that the software is obsolete and to block access to that software until user will fix that. This is a server side problem and should be fixed by admins not by user !!!
     
    #9 georgeb, Jun 29, 2016
    Last edited by a moderator: Jul 5, 2016
  10. neil white

    neil white Registered

    cPanel Access Level:
    Reseller Owner

    Hi

    Just to let you know that I had exactly the same issue with my reseller account and they were no help whatsoever and pushed all the blame on to me.

    I had 120 accounts planted with phishing files which did a lot of harm to many of the domains.

    [Removed Actual Domain Name]

    All my provider kept telling me was to buy their protection service, yet it literally will lock down a site, not a cPanel or WHM account.

    Turns out that my provider has been hacked by a group who hit all their reseller accounts.
     
  11. acenetgeorge

    acenetgeorge Well-Known Member
    PartnerNOC

    cPanel Access Level:
    DataCenter Provider
    The only way to keep a website truly secure is to not put it online in the first place. *shrugs* If it is online, it can be messed with. As long as the script and all plugins, themes, modules, etc. are kept up to date, the chance of hacking and phishing is usually low. But there are always chances of new exploits and security holes being found.

    It is generally not the hosting company's responsibility to maintain the security of individual accounts. Make sure to keep recent backups just in case, and be willing to update software and plugins.
     
    amdbuilder likes this.