Non-profit looking for SiteGround paid help


Steven Clift

Nov 22, 2021, 1:04:46 PM
to Minneapolis St. Paul WordPress User Group

SiteGround flagged some exploited files and we need help cleaning them up:

Basically, we need help with our mostly archived site:

1. Cleaning up these files and getting our blog back online 
2. WP and plugins upgraded to latest version and as much auto-updating turned on as possible

Bonus:
1. Update our install of MediaWiki and make sure it is essentially locked down (it is in archive mode)

Our "forums" site is not on WordPress, but in a nutshell we are a non-profit digital democracy project going way back to 1994. We have important archives we'd like to keep online for community and historical purposes. More: https://forums.e-democracy.org - As that site's tech is being closed, we will be moving static content to WP in the coming months for preservation as well, and our blog.e-democracy.org site could become simply e-democracy.org.

We can pay you something for your efforts from previous member donations for your assistance.

Thanks,
Steven Clift
E-Democracy.org volunteer


SiteGround <nor...@siteground.com>
Apr 25, 2021, 3:49 AM




to team
IMPORTANT: Please do NOT reply to this email. The ONLY way to request assistance and resolve the case is by logging in to your User Area (https://www.siteground.com/login_page.htm) and updating the ticket that has been automatically opened for your convenience. Contacting us by any other means will only slow down the resolution of the case.

Dear Customer,

While conducting our regular server security audit, we detected that the application hosted on your site has become vulnerable to exploits and creates a serious threat to the integrity of the shared server.

We have compiled a list with the suspicious files and it is stored in your account's home folder in a file called suspicious_files.txt:

/home/u563-aughkggf4rkg/www/e-democracy.org/suspicious_files.txt

It can be downloaded either through Site Tools File Manager or using your local FTP client.

To ensure the overall security of the server and all websites hosted on it, we had to temporarily disable access to this application.

We are very much aware of the inconvenience this issue may cause you, so we would like to take a moment and explain the reasons for our actions: as you know, your account is hosted on a shared hosting server and thus sharing the resources of the server with other customers' accounts. If one account and even one application is hacked, this will endanger the integrity of the whole shared server and all other accounts on it. This is why the above explained precaution is absolutely necessary.

Very often sites are compromised because of outdated software or stolen login details. Please check the following article for more information:

https://www.siteground.com/kb/why-was-my-website-compromised/

Next, you may wonder what SiteGround does to protect your site. The answer is:

- By default, we have set all sites to use the latest PHP 7.3 which has register_globals and allow_url_include turned off. This prevents remote code inclusion and variable poisoning.
- We are running a hardened Apache version in a chrooted environment with suexec. This makes sure that your website is isolated from the rest of the sites.
- We have sophisticated IDS / IPS systems which block malicious bots and attackers.

Unfortunately, the above is not always enough. Most web applications require constant attention and updates to resolve the latest security vulnerabilities.

In your case we can offer you 2 solutions:

1. Clean and secure the site by yourself. After that you should reopen the ticket about this case so that we can confirm the issue is resolved.

2. Security audit performed by our partners from Sucuri. We recommend the website security company Sucuri for malware detection, malware cleanup and malware prevention. Their 2-in-1 Website AntiVirus   Website Firewall (WAF) solution supports and protects all websites built on any platform.

https://siteground.com/sucuri

Regardless of which way you choose to approach the problem, make sure to upgrade any applications you are using and their extensions to the latest available release.

Also, provide us with scan results of your local computer with an anti-virus software of your choice, confirming that the same is not infected in any way. You can provide us with the results in the form of a screenshot attached to this ticket.

Thank you for your understanding and cooperation.

Best regards,

Veselin Bochev
System Administrator
SiteGround.com
