ATBHost.net is warning customers on their forums that they’ve noticed FTP security breaches from many account holders. They report that they've managed to block many of the attacks, but some have gotten through because of users’ error and folder permission settings.
We have received one confirmed report that a WordPress website was hacked at ATBHost.net and found that they are warning their customers and offering security tips.
During our forensics, we were unable to open several pages at ATBHost, so it is unclear at this time if they’re rebooting or having difficulties with their main website right now. We were able to see one Security Alert they posted on their forum.
jorgei77, an Administrator of ATBHost, recommends a few things to make sure your account is protected…
- Never make the public_html directory CHMOD 0755. It should be set to 0750.
- All directories inside public_html should be set to 0755. Never use CHMOD 777.
- All files inside of public_html should be set to 0644. Never use CHMOD 0777. Note: Some php files will require a higher permission to be executed, but this should be chmod 0744. This is the max recommended.
This above “Note” worries us! We never recommend any file be set higher than 0644, including .php files. You should ask them what and why this is necessary. This is a security risk!
- Make sure your password is strong! You can use a site like this one: http://www.passwordmeter.com to make sure you have a great password. Anything below 50% is not recommended.
- A good way to keep people from seeing your directory is to place a blank index.html file in every folder you have (such as your image folder). To make an index.html file to use, just open your notepad program or HTML editor of choice and add the following lines to it:

      <html><body bgcolor="#FFFFFF"></body></html>

  Then save it as an index.html and upload it to every directory you have that does not currently hold an index.html or index.php. You can also add Options -Indexes to your .htaccess files.
- Make sure you have an index.html, index.htm or index.php file inside your public_html folder. Free account holders tend to ignore this because when they add a new domain after they sign up, they upload the files to a new domain folder and leave the public_html folder empty. Hmmm. Maybe there should be a default.html file uploaded with new accounts so this won’t happen.
- Subscribe to their Announcement forum to make sure you receive the latest updates and security alerts from ATBHost.net.
- Make sure your email address is up to date and current on your cPanel & Billing account to make sure you receive our latest news and alerts.
ATBHost advises that if you feel your account’s been compromised, you should contact them immediately so they can help you solve the issue.
Note: I have fixed some typos found at the ATBHost Forum in their above recommendations for easier reading.
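The permission and index-file recommendations above can be checked mechanically. The following shell script is an added example, not code from ATBHost or from the forum post; the function names, finding labels and sample tree are constructed for illustration, and it assumes a find that supports -mindepth and -maxdepth. It treats 0644 as the ceiling for files, so the 0744 value from the "Note" is reported as a finding.

```shell
#!/bin/sh
# Added example: audit a web root against the permission values listed above.
# Prints one finding per line; returns 0 if clean, 1 if anything deviates.
audit_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # Top-level web directory: exactly 0750.
        find "$root" -maxdepth 0 ! -perm 0750 -exec printf 'TOP_NOT_0750 %s\n' {} \;
        # World-writable files or directories (0777, 0666, ...); symlinks skipped.
        find "$root" -mindepth 1 ! -type l -perm -0002 \
            -exec printf 'WORLD_WRITABLE %s\n' {} \;
        # Subdirectories: exactly 0755.
        find "$root" -mindepth 1 -type d ! -perm -0002 ! -perm 0755 \
            -exec printf 'DIR_NOT_0755 %s\n' {} \;
        # Files: no bit beyond 0644 (no execute bits, no group write).
        find "$root" -type f ! -perm -0002 \
            \( -perm -0100 -o -perm -0020 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'FILE_ABOVE_0644 %s\n' {} \;
        # Directories without an index file (listable unless Options -Indexes applies).
        find "$root" -type d | while IFS= read -r d; do
            [ -e "$d/index.html" ] || [ -e "$d/index.htm" ] || [ -e "$d/index.php" ] \
                || printf 'NO_INDEX %s\n' "$d"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real account) containing the mistakes discussed above.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/public_html/images" "$t/public_html/uploads"
    for f in index.php images/index.html uploads/form.php; do : > "$t/public_html/$f"; done
    chmod 0755 "$t/public_html" "$t/public_html/images"  # top level should be 0750
    chmod 0777 "$t/public_html/uploads"                  # world-writable directory
    chmod 0644 "$t/public_html/index.php" "$t/public_html/images/index.html"
    chmod 0744 "$t/public_html/uploads/form.php"         # the "max recommended" value
    echo "$t"
}

# Demo on the sample; for a real account call: audit_perms "$HOME/public_html"
demo=$(make_sample_tree)
audit_perms "$demo/public_html" || true
rm -rf "$demo"
```

On the sample tree it reports four findings: the 0755 top-level directory, the 0777 uploads directory, the 0744 PHP file, and the uploads directory with no index file.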
If your WordPress site’s been hacked, we can help you. We do Malware Removal and Website Restoration.
We need your help…
If your WordPress blog has been compromised on shared hosting at ATBHost.com, please let us know what type of code you found on your infected files. Or describe the symptoms you found on your website by leaving a comment below.
If you know anyone else hosted at ATBHost.net, please forward them this information so they can check their website.
- ATBHost.net forum post – http://atbhost.net/forums/post-24399.html
- AtbWebHost Tweets – http://twitter.com/AtbWebHost
- ATBHost.net Forum post – http://atbhost.net/forums/thread-1058.html