Reader of the Extra Cash Systems Weblog, you are appreciated, and I want you to know about things that are important to you, and your Extra Cash Systems generation.

Maintaining a secure webhost server is one of those things that is important to generating Extra Cash Systems. The following is an email reply I received from one of my webhosts, regarding possible security issues on said webhost. I hope you find it as useful as I did…

It is possible that a hacker could obtain your cpanel password through use of malware or viruses on your PC. There do exist (we see them a good bit) viruses that will infest a computer, and actually record keystrokes and the fields that they are used in.

If someone uploads a shell program to your webhost, such as a PHP Shell, then they can execute programs and explore the server with all the rights you have. However, your account really can’t do anything outside of your home directory. It is possible for a user to look at the account names of other users, but there is no way to view inside their directories, or take any action of any kind in another user’s directory. It is also not possible for someone using a PHP Shell to make changes on any file on the server that is not owned by the user that the shell is running as.

Here is a list of steps that you can take to ensure your sites remain secure:

1. Use the following online vulnerability scanner and ensure your software is up-to-date: http://secunia.com/vulnerability_scanning/online/?task=load

2. Download anti-virus and fully scan your PC for malicious files. Here are some free online scanners for Windows, which is typically the most vulnerable to infection. If you have a different OS, there are similar programs that can be located and run on your system to protect it in the same way:

MalwareBytes ( http://www.malwarebytes.org/ ) and

ComboFix ( http://www.bleepingcomputer.com/
combofix/how-to-use-combofix ) have been reported to be able to clean a recent strain of malware that resists detection by almost all other anti-virus agents. It is highly suggested that you use one or both of them and one of the following:

-http://housecall.trendmicro.com/

-http://www.bitdefender.com/scan8/ie.html

-http://www.kaspersky.com/virusscanner

-http://support.f-secure.com/enu/home/ols.shtml

-http://www.eset.com

3. Update all passwords for any account that you access/own that may not be up to standards. Any passwords that have been compromised will need to be changed as well. Standards for secure passwords are available: http://en.wikipedia.org/wiki/Password_strength
#Guidelines_for_strong_passwords

4. Ensure that all scripts/plugins/modules/components are updated to the most recent released version, as new versions are released primarily to address known security vulnerabilities in these sites.

5. Keep your computer secure from malware infecting it. If your computer is compromised, your account can be compromised through your password being used to access it.

- Ensure you use the latest browser version; Ensure that said browser subscribes to Google’s blacklist API (Mozilla Firefox, Google Chrome, Safari)

- Disable javascript

- Use the firefox addon noscript

- Make sure your antivirus has a subscription to new database and version releases. This may cost some amount of money, but is well worth the expense.

- Use http://www.avg.com.au/index.cfm
?section=avg&action=onlinescan to test suspicious links you are given in emails or find online.

6. Ensure that all database configurations for your account are using a custom generated user and password combination, and that this information is not stored in plain text if this is feasible. Using your cPanel username and password to access your databases for your site may be convenient, but it introduces an incredible security risk.

7. Audit your account for unnecessary scripts, such as file uploaders. Ensure that if they are necessary that they are password protected, or if that is not feasible that they check the file type before allowing upload, to prevent upload of certain types of files.

8. Confirm that the permissions on the public_html folder is set to 750, as permissions of 755 will allow excessive amounts of malicious activity to the account.

9. Ensure that extended logging is enabled on your account so that any compromise can be investigated, as logs are regularly removed when statistics are run.

I mentioned the issue I was having, and thought that others were, over at the Warrior Forum, on this thread: Have You Been Hacked/Defaced?

Bottom line? Act on the advice shown above. You’ll be better off in the long run, and will keep your Extra Cash Systems safe, and profitable…