Results 1 to 4 of 4
  1. #1
    Certified Newb DORK
    Join Date
    May 2011
    Location
    European Union
    Posts
    15

    Question What is Certified Hosting doing about Symlinks attacks

    My websites have now been twice the victim of Symlink attacks, I posted about it first on this thread and I reported the second attack to support (Ticket: ZOX-325404: iCertified customer is hacking me)

    Symlink attacks are a serious security hole in shared hosting servers, the attack is launched from one of your server neighbouring accounts and not yours, it doesn't really matter if the you have everything up to date or not, there is very little one can do.

    There is information on the Internet about how this kind of attack works and YouTube has some disturbing videos, posted by hackers, on how a low skilled hacker can get into your accounts in 5 minutes once they have someone else account on the same server. It appears to be a widespread problem all over the hosting industry, cPanel and WHT forums also carry some threads.

    I was wondering if anyone from the tech department who is around can inform of what is Certified Hosting doing to stop this kind of hacking attacks where one user account on a shared server is able to read another user account configuration files (username+password) hosted on the same shared server using symlinks.

    It is very frustrating being hacked when everything is up to date, this seems to be a shared hosting problem.
    Last edited by malcarada; 06-07-2012 at 12:42 AM.

  2. #2
    Head Nerd In Charge Kacy CEO's Avatar
    Join Date
    Feb 2009
    Location
    So Cal
    Posts
    13

    Default

    This is being addressed and proper measures are being taken to correct this issue.
    Thank you for your post.
    Kacy CEO
    Head Nerd In Charge
    certifiedhosting.com

  3. #3
    hostneema
    Guest

    Thumbs up Hostakers - free hosting | secured web hosting | $1 unlimited hosting | web hosting

    Symlink creats same copy as a mirror of server or particulr configuration fileso if u want to protech from symlink attach install cloud linux or disable ln -s command

    Thanks,
    www.hostakers.com

  4. #4
    Certified Newb DORK
    Join Date
    Apr 2017
    Posts
    18

    Default

    I think to protect your website from these kind of attacks I think first you need to scan website for vulnerabilities, so that you can find some errors in it. It is possible that this could be the reason that your website is been attacked again and again.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •