Portal Home > Knowledgebase > Articles Database > ResellersPanel - Wordpress CONSTANTLY being exploited


ResellersPanel - Wordpress CONSTANTLY being exploited




Posted by UncleVirus, 05-19-2014, 04:47 AM
Good morning all, we've had a reseller account with resellerspanel / LiquidNet for around a year now. We've been shifted servers twice now, which hasn't been a huge problem but what has is the constant notification that customers' wordpress installations have been compromised. We have wordpress installations running 10-15+ plugins, old themes, etc on an old site we don't use any more with HeartInternet and the site has remained as it was, on a 2 year old version of Wordpress completely untouched. Is there something this host isn't telling me? Are they not secured at a host level very well? I'm constantly getting told that I'm not keeping wordpress up to date, leaving vulnerable plugins installed, etc. I only ever install WordFence security and the usual akismet etc - Never anything additional yet these sites are STILL getting exploited no matter what. Can someone in the know please advise? I'm tempted to put cloudflare in front of the installation(s) to prevent some malicious attempts but that's not the ultimate answer here! Appreciate your help in advance - This is keeping me at wits end currently and if it's a host-based problem I need to know so I can begin shifting customers elsewhere!

Posted by HostWithLove_Cody, 05-19-2014, 06:00 AM
If you are using an outdated version of WordPress from 2 years ago, then yes, it is very vulnerable to attacks and exploits. This will happen regardless of how properly secured a server is. It is necessary to update your scripts/plugins/themes to the latest version released by the developers to address any known attacks and exploits.

Posted by UncleVirus, 05-19-2014, 06:04 AM
No no no, I think you misread my post - I had an old site hosted from back in 2010 with an extremely old version of wordpress on that hadn't been updated in years, yet this still managed to remain untouched! (Heart Internet hosting) Why is it that my brand new wordpress installation on ResellersPanel manages to get exploited time and time again with a fresh wordpress install kept right up to date with zero plugins?

Posted by HostWithLove_Cody, 05-19-2014, 06:12 AM
Sorry about that. Regarding the older WordPress version not being exploited, it really depends on the viewership of that website as well. There are a lot of factors leading to a website being exploited and popularity is one of those, though it is hard to imagine the chances of a brand new installation (without any or much content I presume) being attacked so often. It will be hard to confirm whether there is a server vulnerability without knowing their exact settings, but I imagine there would be a lot more mention of this on the forums if this was indeed due to a server vulnerability. Have you raised the fact that your WordPress installation as well as its themes/plugins are up to date? May I ask how the fresh installations were being carried out? Uninstalling and installing via a script installer? Did you also recreate the cPanel account? What is the default version of PHP being used on their server?

Posted by UncleVirus, 05-19-2014, 06:16 AM
Hi Cody, no problem buddy! - I must admit, I've primarily been using the Fantastico method to install them - But changing the automatically generated queries. The host recently notified us they were moving away from the Fantastico panel across to the next best thing (Softaculous) - Not sure if this is related to potential security or is due to financial/licensing motives but now that I think about it, I should probably be installing them manually. Are there any noticeable security holes in a fantastico-installed Wordpress installation that I should be aware of? (e.g config files dropped in the public_html folder in plaintext, etc) Thanks for the help Cody, appreciated!

Posted by HostWithLove_Cody, 05-19-2014, 06:20 AM
That may be the cause of the issue. Fantastico is known for releasing scripts updates much slower compared to other script installers such as Softaculous which is very popular amongst hosting providers, so even though Fantastico may be saying that your script is "up to date", but in actuality it could well be outdated. The latest version of WordPress at the time of this post is version 3.9.1 - what is the version that Fantastico is installing for you? Another thing I would like at is the version of PHP that is being used. If you were using either version 4.4 or 5.1 then there would be some vulnerabilities.

Posted by UncleVirus, 05-19-2014, 06:21 AM
Actually, after re-reading the email it appears there may be more to this than meets the eye.... Please see attached JPG! Attached Thumbnails  

Posted by UncleVirus, 05-19-2014, 06:25 AM
Also, PHPINFO shows PHP Version 5.4.27

Posted by HostWithLove_Cody, 05-19-2014, 06:28 AM
Looks like they have at least identified the cause of the issue. In the interim, I would recommend recreating the cPanel account and installing the WordPress script manually. Just make sure you are installing the latest version from the WordPress website directly which is 3.9.1 at the time of this post. That version should be fine.

Posted by UncleVirus, 05-19-2014, 06:30 AM
Thank you for the advice Cody - I think I may start installing the wordpress installations manually as a matter of course. The fact the host deemed it enough of a decision to change completely may well indicate that there was a security issue with sites installed using Fantastico. I'll query them directly on this and see what they come back with...!

Posted by HostWithLove_Cody, 05-19-2014, 06:31 AM
You are welcome. Let us know how it goes and lets hope everything works out well for you.

Posted by cncwebsolutions, 05-27-2014, 03:02 PM
I'm a huge fan of cloudflare to help mitigate WP attacks. If you go with the pro plan they have a wordpress set of rules that will help. I've been using it for a few months and see that their firewall rules (waf) work well.

Posted by CircuitoX, 05-28-2014, 09:28 PM
Here one of the best guides for protecting your wordpress. http://goo.gl/XHPL9O

Posted by Steven, 05-30-2014, 03:32 PM
The problem is not going to be fantastico.

Posted by WebHostON, 05-30-2014, 04:45 PM
If the issue is not Fantastico do you mean that there is another Wordpress vulnerability we aren't aware of, or another vulnerability on the servers?

Posted by RosenHost, 05-31-2014, 08:02 AM
WP installations get exploited easily if admins are not careful. Additional plugins and untrusted themes are also major sources of WP hacks.

Posted by HostingResellerGroup, 06-02-2014, 04:11 AM
I have experience of ResellersPanel since 2005 and I know them as being on the stricter side when it comes to security versus "client freedom". As far as I can judge, they work fairly hard on maintaining a secure environment, at least more than other hosting services I've used. So yes, mask that you're using WP, use stricter file/folder permissions, change login url, and keep your stuff upp to date



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Weird router packet (Views: 559)
rvskin (Views: 606)
EXIM Question (Views: 595)