miCRoSCoPiC^eaRthLinG 0 Report post Posted June 3, 2006 ????[/tab]This is to inform all our members that recently we've been facing a lot of hacking attempts from various upcoming groups - whose sole purpose seems to be defacing our members' sites. In most cases it's just a minor botheration though I've no clue what they're gaining out of it. ????Pertaining to this I'd like to mention that we don't employ a server-side backup mechanism anymore. Long time back we used to perform weekly backup of all our members' sites - but this service has been discontinued for a while now owing to some conflict with the quota system. ????Recently one of our members lost his site to a defacing attack. The hackers got in and completely trashed his site including his MySQL DBs. Unfortunately he didn't have any backups on his own part and neither did we.. hence the whole site was lost and he'd probably have to start from scratch again. Re-desgning pages are still ok - but what hurts most is all the lost posts/content in case you're running a Forum and/or CMS. ????Thus I'd like to stress on the necessity of maintaining regular backups of your site on your own - in case you come under such an attack. To facilitate your backing up job, the cPanel Site Backup option has been enabled to allow you to perform a single-click backup of your whole site. You should do this as often as possible - and at least once every week. Make this into a habit since it's a job that'll take up just a few minutes of your time once a week - but might save you a lot of tears in the long run. [tab]Moreover, most such hacking attempts are usually successful if you're using a weak dictionary based cPanel password - which can be easily cracked using some brute-force password generator/cracker. Thus I'd highly recommend you to keep changing your cPanel passwords from time to time apart from making them as cryptic as possible using combinations of both numerals and upper-case, lower-case letters and if possible punctuation marks. If you find it difficult to remember such passwords, there are plenty of Free and Good Password Managers available for download - where you can store such passwords sitewise for future reference. Best Regards, miCRoSCoPiC^eaRthLinG Share this post Link to post Share on other sites
pyost 0 Report post Posted June 3, 2006 If I may add, if you run a forum, CMS, or any other kind of software that uses databases on your web site, try to find a plug-in that sends a database backup to your e-mail every day. It can be very useful in case you lose all your data. Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted June 3, 2006 If I may add, if you run a forum, CMS, or any other kind of software that uses databases on your web site, try to find a plug-in that sends a database backup to your e-mail every day. It can be very useful in case you lose all your data. True - that'd help a lot too. In any case it shouldn't be all that difficult. I think if you search around the Database forum I'd posted a script long time back - called autobackupsql or something on those lines.. that generates automated full-backups of your specified MySQL DBs at specified intervals. You can just add in another small script in your crontab to mail gzip this file and mail it out to you at regular (weekly) intervals. I found the script I'd posted earlier. It's called automysqlbackup and can be found at this thread: Auto-backup Your MySQL DBs Daily/weekly/monthly Share this post Link to post Share on other sites
yeh 0 Report post Posted June 3, 2006 Hmm... Is this defacing thing common? Or is it just a handful of individuals that have their websites defaced?I have a suggestion. I don't think we can change our username. I'm new here so I could be wrong. When we submit our application, we were ask about our username. I think when we actually sign up using the process form, we need to specify our username. There might be a chance that both of the usernames matches. In fact, there is a high chance if users reply to the application form truthfully. As such, I suggest that approved applications be totally removed from view after maybe, let's say, 2 weeks? Then whoever that tries to use a password generator would have a tough time becoz he/she needs to guess the username as well. Share this post Link to post Share on other sites
nightfox1405241487 0 Report post Posted June 3, 2006 Hmm... Is this defacing thing common? Or is it just a handful of individuals that have their websites defaced?All web hosts usually have this problem. Sometimes it is more than defacing but a hacker gets into the server and just creates or deletes some accounts.I have a suggestion. I don't think we can change our username. I'm new here so I could be wrong.Yep, you can't change your server username. The only way to change it is to delete your account and create it again.As such, I suggest that approved applications be totally removed from view after maybe, let's say, 2 weeks? Then whoever that tries to use a password generator would have a tough time becoz he/she needs to guess the username as well.Usernames need to be 6 characters. So you can still use a brute force tool to associate a username with a password. There really isn't anything that can be done to prevent a hacking attempt. Just save your data.btw, I'm probably going after a degree in network security. I've read the books.[N]F Share this post Link to post Share on other sites
Sarah81 0 Report post Posted June 4, 2006 Thanks for the heads-up, m^e. I keep copies of my files both on my hard drive and on a USB flash drive already. But man I would hate to have to re-create all my junk just because some punks thought that trashing Web sites was fun.I'd like to add one more piece of advice on passwords: don't use the same password for all of your sites. Even just using a variation from one site to the next is better than having the exact same thing everywhere you go on the Internet. Share this post Link to post Share on other sites
lonebyrd 0 Report post Posted June 4, 2006 I just started changing up passwords for things on the internet and on my website stuff. Not that I've been hacked (yet), but, more and more by reading this forum and the like I've come to the conclusion that people as a whole cannot be trusted on the net. And when my site is more developed, I'm definitly gonna need to make sure I know how to back it up. Especially that database thing. And I'll also have to look up that cron job thing about the site back-up too. Thanks for the heads up M^E. I mean, I always knew it was a possibility, but now I know some ways to protect myself. Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted June 4, 2006 I posted the link to that MySQL Automated Backup Script - check it out guys.. it surely is helpful. I'll see if I can come up with some small shellscripts that'll mail out the backed-up data to you at pre-specified intervals..Any other bright suggestions about protecting your data, most welcome :(Regards,m^e Share this post Link to post Share on other sites
cyborgxxi 0 Report post Posted June 5, 2006 Alright, Joe! Thanks for the warning. Man, I feel so bad for that guy who lost his site! I think some government officials should do something about this... or you guys should report this at least. Do you guys have logs and stuff? There should be like a way to track where the attacks came from... it's so not fair for us - just random attacks. I mean, this is just like property assault/damage!! Share this post Link to post Share on other sites
abhiram 0 Report post Posted June 5, 2006 Hey, I've got a problem! My campus server doesn't allow me to connect to port 2083 anymore. Does anyone know of a method to bypass this thing or any other way to backup data? I've tried tunneling using your-freedom but it isn't working. Share this post Link to post Share on other sites
dhanesh1405241511 0 Report post Posted June 5, 2006 (edited) A little backup help for WordPress (WP) running site owners. The Only way till now is to back up WP via MySQL manual backup or by plug-ins. In either case i am still not able to find a complete backup solution, where with one click i can back up the WP DB and also the complete folder where WP is installed (root). Well here's what i've found, but if anyone has more useful plugins then please do share with us.Backing up your DB (WordPress Site)Restoring ur DB (WordPress Site)DB Admin Tools (WP's Plugin Database)..WordPress Backup Shell ScriptOn-Click Backup (Worth a Try)Hope this helps RegardsDhanesh. Edited June 5, 2006 by dhanesh (see edit history) Share this post Link to post Share on other sites
iGuest 3 Report post Posted June 5, 2006 So has anyone tried the cPanel Single Click Backup Tool yet? It looks like a definite time-saver, and the log it sent to my e-mail after backing up my Website looked quite thorough. But I thought it better to ask you guys, in case you have other opinions about it . Share this post Link to post Share on other sites
Omkar™ 0 Report post Posted June 6, 2006 Hey, M^E, please explain to me how exactly the "Backup Site" function in Cpanel works. Cause my site is around 65MB now, and I can't afford to download the whole thing again and again! By the way, if anyone's using phpBB2 forum out there, then there is an option for "Backup MySQL Database" and "Recover MySQL Database" in the Administration Panel. That's pretty useful, as you can download the GZipped DB which turns out to be very small in size! Unless you use other DBs that is! Hope m^e reads this soon, I've worked real hard to build my site, and its not even completely up yet! Share this post Link to post Share on other sites
miCRoSCoPiC^eaRthLinG 0 Report post Posted June 6, 2006 Hey, M^E, please explain to me how exactly the "Backup Site" function in Cpanel works. Cause my site is around 65MB now, and I can't afford to download the whole thing again and again! By the way, if anyone's using phpBB2 forum out there, then there is an option for "Backup MySQL Database" and "Recover MySQL Database" in the Administration Panel. That's pretty useful, as you can download the GZipped DB which turns out to be very small in size! Unless you use other DBs that is! Hope m^e reads this soon, I've worked real hard to build my site, and its not even completely up yet! You can find this option under Site Management Tools in cPanel - the first icon in the last row. It's simply named Backup and when you click it, it gives you an option of backing up your site in your home folder or on a remote FTP server. Usually you'd choose your home folder. What it does is, grab every single file in your site as well as you MySQL and PostGRE-SQL databases and packs all those files in a tar archive. Final step is gzipping this archive. Once done, you'll find a file named like backup-[date].tar.gz. Upon successful backup you should receive a mail somewhat on these lines: pkgacct started. pkgacct version 4.1 - running with uid 0 using time::hires for speedups Copying Reseller Config...Done Copying SSL Certificates, CSRS, and Keys...Done Copying Mail files....Done Copying frontpage files....Done Copying proftpd file....Done Copying www logs............. ......... ......... ......... ......... ......... ......... ......... Done Grabbing mysql dbs............ ......... Done Grabbing mysql privs...Done Grabbing PostgreSQL databases............ Done Grabbing PostgreSQL privileges...Done Copying mailman lists....Done Copying mailman archives....Done Copying homedir....Done Copying cpuser file.......Done Copying crontab file.......Done Copying quota info.......Done Storing Subdomains.... Done Storing Parked Domains.... Done Storing Addon Domains.... Done Copying password.......Done Copying shell.......Done pkgacctfile is: /home/backup-6.6.2006_11-17-14_SITENAME.tar.gz Creating Archive ....Done md5sum is: cd8c232192c344a3743e834dd4913c95 What you stated about backing up MySQL DB is done in this step too - except there you're backing up only your DBs - and this one works on every kind of file and data of your site. Regards, m^e Share this post Link to post Share on other sites
xboxrulz1405241485 0 Report post Posted June 6, 2006 Hey, I've got a problem! My campus server doesn't allow me to connect to port 2083 anymore. Does anyone know of a method to bypass this thing or any other way to backup data? I've tried tunneling using your-freedom but it isn't working. Try using the standard HTTP way to log in using port 2082.If not, use a proxy server.xboxrulz Share this post Link to post Share on other sites
