ATBHost.net is warning customers on their forums that they’ve noticed FTP security breaches from many account holders. They report that they've managed to block many of the attacks, but some have gotten through because of users’ error and folder permission settings.
We have received one confirmed report that a WordPress website was hacked at ATBHost.net and found that they are warning their customers and offering security tips.
During our forensics, we were unable to open several pages at ATBHost, so it is unclear at this time if they’re rebooting or having difficulties with their main website right now. We were able to see one Security Alert they posted on their forum.
jorgei77, an Administrator of ATBHost recommends a few things to make sure your account is protected…
- Never make the public_html directory CHMOD 0755. It should be set to 0750.
- All directories inside public_html should be set to 0755. Never use CHMOD 777.
- All files inside of public_html should be set to 0644. Never use CHMOD 0777. Note: Some php files will require a higher permission to be executed, but this should be chmod 0744. This is the max recommended.
The above “Note” worries us! We never recommend any file be set higher than 0644, including .php files. You should ask them what and why this is necessary. This is a security risk!
- Make sure your password is strong! You can use a site like this one: http://www.passwordmeter.com to make sure you have a great password. Anything below 50% is not recommended.
- A good way to keep people from seeing your directory listing is to place a blank index.html file in every folder you have (such as your image folder). To make an index.html file to use, just open your notepad program or html editor of choice and add the following lines to it:
<html><body bgcolor="#FFFFFF"></body></html>
Then save it as index.html and upload it to every directory you have that does not currently hold an index.html or index.php. You can also add Options -Indexes to your .htaccess files.
- Make sure you have an index.html, index.htm or index.php file inside your public_html folder. Free account holders tend to ignore this because when they add a new domain after they sign up, they upload the files to a new domain folder and leave the public_html folder empty. Hmmm. Maybe there should be a default.html file uploaded with new accounts so this won’t happen.
- Subscribe to their Announcement forum to make sure you receive the latest updates and security alerts from ATBHost.net.
- Make sure your email address is up to date and current on your cPanel & Billing account to make sure you receive our latest news and alerts.
ATBHost advises that if you feel your account has been compromised, you should contact them immediately so they can help you solve the issue.
Note: I have fixed some typos found at the ATBHost Forum in their above recommendations for easier reading.
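To check an account against the recommendations above, here is an added audit script in POSIX sh (example code, not from ATBHost or this site). It builds a constructed sample public_html under a temporary directory so it runs anywhere, and relies only on find, grep and chmod.

```shell
#!/bin/sh
# Added audit script (not from ATBHost or WPSecurityLock): walks a web root and
# reports anything that breaks the guidance above: public_html 0750, directories
# below it 0755, files 0644, nothing world-writable, an index file in every
# directory, and "Options -Indexes" in .htaccess. Prints one finding per line.
audit_webroot() {
    root=$1
    # public_html itself should be 0750 (-prune: look at the root entry only).
    find "$root" -prune ! -perm 750 | while IFS= read -r p; do
        echo "ROOT NOT 0750: $p"; done
    # Anything world-writable is the 777 mistake the post warns about.
    find "$root" -perm -002 | while IFS= read -r p; do
        echo "WORLD-WRITABLE: $p"; done
    # Sub-directories should be exactly 0755.
    find "$root" -type d ! -perm 755 | while IFS= read -r p; do
        [ "$p" = "$root" ] || echo "DIR NOT 0755: $p"; done
    # Files should be 0644; the post rejects 0744 even for .php files.
    find "$root" -type f ! -perm 644 | while IFS= read -r p; do
        echo "FILE NOT 0644: $p"; done
    # A directory without an index file exposes a listing unless -Indexes is set.
    find "$root" -type d | while IFS= read -r d; do
        [ -e "$d/index.html" ] || [ -e "$d/index.htm" ] || [ -e "$d/index.php" ] \
            || echo "NO INDEX FILE: $d"; done
    grep -qs '^Options.*-Indexes' "$root/.htaccess" \
        || echo "NO 'Options -Indexes' IN $root/.htaccess"
}

# Constructed sample tree with deliberate mistakes so the audit has work to do.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/images" "$root/wp-content/uploads"
    printf '<html><body></body></html>\n' > "$root/index.html"
    printf '<?php echo "hi"; ?>\n' > "$root/wp-content/run.php"
    : > "$root/images/logo.png"
    printf 'Options -Indexes\n' > "$root/.htaccess"
    chmod 750 "$root"
    chmod 755 "$root/images" "$root/wp-content"
    chmod 777 "$root/wp-content/uploads"      # the classic mistake
    chmod 644 "$root/index.html" "$root/images/logo.png" "$root/.htaccess"
    chmod 744 "$root/wp-content/run.php"      # the "Note" the post objects to
    printf '%s' "$root"
}

audit_webroot "$(demo_tree)"
```

Run it against a real account as `audit_webroot /home/<user>/public_html` from a shell on the host; the sample tree produces six findings (the 777 upload folder twice, the 744 .php file, and three folders with no index file).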
If your WordPress site’s been hacked, we can help you. We do Malware Removal and Website Restoration.
We need your help…
If your WordPress blog has been compromised on shared hosting at ATBHost.com, please let us know what type of code you found on your infected files. Or describe the symptoms you found on your website by leaving a comment below.
If you know anyone else hosted at ATBHost.net, please forward them this information so they can check their website.
Securely yours,
Regina Smola
WordPress Security Specialist
Follow on Twitter @WPSecurityLock
Become a Facebook Fan
References:
- ATBHost.net forum post – http://atbhost.net/forums/post-24399.html
- AtbWebHost Tweets – http://twitter.com/AtbWebHost
- ATBHost.net Forum post – http://atbhost.net/forums/thread-1058.html
Yev says
Hi Regina
As always great information and even better tips on how to secure the blog.
I just had one question. By default the public_html is set to 755; when I changed mine to 750 I was forbidden to view the site. When accessing the site you would receive this message: “You don’t have permission to access / on this server.” “403 forbidden”.
I was just wondering why would this be an issue. (host = godaddy) (server = centOS)
Best regards
Yev
Daniel Fenn says
The reason for that is because the last number is the permission for public. If you set that to 0 then you're saying that public has no access rights. I would be using 644. I hope someone can explain it better for me.
Daniel Fenn
MTA
Yev says
Hi Daniel
The only reason I tried out 750 is because that’s what the tip had suggested. I too agree that if you set world to 0 then it should not be accessible to the world.
Actually 644 does not work either. The issue seems to be that last 4. The only way I can get the site to come up is by having a 5 or a 1 at the end. It seems that it needs the execute permission to be set. The site will come up with public_html set to 601 but not set to 644.
Just thought I would share this information.
Thanks for the quick reply.
Best regards
Yev
Daniel Fenn says
Hello,
Yes, PHP files need execute permission otherwise it won’t work
Daniel Fenn
MTA
Michael Schultz says
You can also get information regarding CHMOD (changing file permissions) on your server here: http://codex.wordpress.org/Changing_File_Permissions
This is a page built for WordPress, but they include details that could be useful for regular static site owners regarding CHMOD. Read it up, it definitely gave me some insight!
Regina Smola says
Hopefully this will help you understand it a bit more.
Your public_html directory needs to be chmod 750 and directories inside should be 755. If you use 755 for your public_html you’re giving up some security.
750 = rw- r-x ---
Owner has Read and Write
Group has Read and Execute
Public has no rights
755 = rwx r-x r-x
Owner has Read, Write and Execute
Group has Read and Execute only
Public has Read and Execute only
In order for 750 to work for you, the public_html directory needs to be owned by you and group set to “nobody.” You should contact your web host and ask them to set your public_html to be owned by you “user” and set to “nobody” so you CAN use 750 on your public_html directory.
If they say they can’t do that, switch hosts! Try https://wpsecuritylock.com/hostgator.
No sense in adding extra security risks to your website.
P.S. If you’d ever like a private consultation for questions like these or other WordPress issues, just contact us.
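The 403 Yev hits with 750 and the group change Regina proposes above both come down to which of the three permission triplets the web server process is matched against. The following added example (not from the post or its commenters) decodes the octal mode and applies the owner / group / other rule; the user names yev and apache and the group nobody are assumed for the demo.

```shell
#!/bin/sh
# Added example: predict whether the web server process can enter a directory,
# given its octal mode, owner and group. Assumed names (constructed, not from
# the page): the account owner is "yev", Apache runs as user "apache", group "nobody".

# Left-pad a mode to three octal digits so "55" is read as 055.
pad3() { m=$1; while [ ${#m} -lt 3 ]; do m=0$m; done; printf '%s' "$m"; }

# Turn one octal digit into its rwx triplet, e.g. 5 -> r-x, 0 -> ---.
triplet() {
    d=$1; t=""
    if [ $((d & 4)) -ne 0 ]; then t="${t}r"; else t="${t}-"; fi
    if [ $((d & 2)) -ne 0 ]; then t="${t}w"; else t="${t}-"; fi
    if [ $((d & 1)) -ne 0 ]; then t="${t}x"; else t="${t}-"; fi
    printf '%s' "$t"
}

# Full symbolic form, e.g. 750 -> rwxr-x--- (owner, group, other).
mode_text() {
    m=$(pad3 "$1")
    u=${m%??}; rest=${m#?}; g=${rest%?}; o=${rest#?}
    printf '%s%s%s' "$(triplet "$u")" "$(triplet "$g")" "$(triplet "$o")"
}

# Pick the triplet that applies to the server process (owner first, then group,
# otherwise "other"; there is no fall-through) and require the x bit, which is
# all a directory needs for traversal. That is why 601 serves index.html but
# 644 does not, as Yev observed.
web_access() {
    mode=$1; owner=$2; group=$3; srv_user=$4; srv_group=$5
    m=$(pad3 "$mode")
    u=${m%??}; rest=${m#?}; g=${rest%?}; o=${rest#?}
    if [ "$srv_user" = "$owner" ]; then bits=$u
    elif [ "$srv_group" = "$group" ]; then bits=$g
    else bits=$o
    fi
    if [ $((bits & 1)) -ne 0 ]; then echo allowed; else echo denied; fi
}

# The two cases from the comment thread: same 750 mode, different group.
printf '750 -> %s\n' "$(mode_text 750)"
printf 'public_html 750 yev:yev    -> %s\n' "$(web_access 750 yev yev apache nobody)"
printf 'public_html 750 yev:nobody -> %s\n' "$(web_access 750 yev nobody apache nobody)"
```

On hosts that run PHP as the account's own user (suPHP or CGI), the owner triplet applies and 750 works regardless of group; the model here is the classic setup where Apache runs as its own user.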