cPanel Security Isn't Good Enough

[barz_00252]

Hi, my site keeps getting hacked, and someone gets access to change my x10 Hosting password. and deletes all my FTP files and changes it. Isn't there any way to enhance the security, and turn " Brute Force Protection " on ? Im getting fed up, as this has happened to me before.

---------- Post added at 03:38 PM ---------- Previous post was at 03:26 PM ----------

Also, i cannot access the WHM section ? can some please fix the security !

 

[calistoy]

WHM is not accessible to any free hosting users because it's the backend for cPanel that is only accessible to higher up admins. Have you been using a long and complicated password to prevent hacking, up to 16 alphanumeric characters? If so, please let us know. Also please let us know if you currently have control over your hosting account.

 

[Livewire]

Another question to ask, is the computer you're accessing the account from secure? If you are currently infested with malware or a keylogger for instance, there would be no need for a brute-force attack since they would be able to read the password right from the malware.

My guesses here, given that the account is 7 days old and it is not occurring to other accounts on the same server, is that either the password isn't a very secure one, or there is something compromising the security of the system/network you are currently on.

 

[barz_00252]

I've changed my password to 12-character password. and i shall scan my PC for keyloggers and malware !

 

[barz_00252]

Also, my password has been changed, once again by whoever is hacking. i've looked for spyware and keyloggers. nothing has been found. anyway to make my account details only changeable by my Computer or IP ?

 

[descalzo]

I am a bit confused.

Also, my password has been changed, once again by whoever is hacking

If your password has been changed, how are you able to log on here?

 

[calistoy]

Most password changes are confirmed through email. Are you sure that your email account isn't compromised? Make sure that there aren't any settings in your email account that forward your emails anywhere else. If possible, change your email to a more secure email account.

The reason I assume this is because a full all account password change is done inside your account panel after you log in there. And the forgot password link in the account panel login page requires you to follow directions from the email sent to you to change your password.

 

[barz_00252]

Yeh, ive changed my email address password to something more secure. hopefully that should help , and im also changing my hosting account password once again, if this doesnt work. il have to change to a different hosting site

 

[calistoy]

Another question:

Is your computer one that you own in your own home that no else has access to? Or is it a computer that you borrow in public that is accessed by multiple people?

 

[GtoXic]

I don't see why you will have to change to another hosting site. Also, there's no one that could be accessing your password on x10 seeing as though the password is stored in an irreversible encryption. Also, I think someone may be able to view the IPs that accessed your account although I'm not completely sure.

Please also read the above post.

 

[barz_00252]

My computer at home isn't accessed by anyone, as they have their own mac laptops, and i have my own pc. and i know my dad and mom wouldn't ever do anything to my site lol. and is there any way that an admin can make my account ONLY accessible by the PC im using, or by my IP address. ?

Thanks for replying guys. its helping me out

 

[barz_00252]

Knowone has access to my PC at home, as its got password on start up, and everyone in my house has their own laptop or pc. and its just me , my mom and dad. so im sure they wouldnt do anything

Also, is it possible for one of the admin's to make my account only accesible by MY IP or Computer ? It'll make life easier.

Thanks

 

[descalzo]

Answer to restricting cPanel/FTP access to your IP: No.

And again, If the hacker changed your password, how are you logging on?

 

[barz_00252]

I did the forgot password, to reset my password. and then changed it to something else. So far i havnt been hacked again, il do the same method, and reply when this happens again -.- , but its annoying

 

[descalzo]

Set up a new gmail/hotmail/yahoo email account.

Change your Account panel etc to the new email address.

 

[barz_00252]

Ooo, i might just do that . Just changed my email . Hopefully this should stop it all ! hehe