Assistance with hacked or defaced websites

Dear Customers,

What happens when a site gets hacked? Well, every website on the Internet is now a potential target for a hacking attack and no one is actually fully protected against a headache of this kind. So if a site gets hacked, it would be unfair to blame the site owner.

Most hosting providers today though, prefer not to engage with hacked sites as this means plenty of troubles for the server, including infected data and excessive server loads. It usually results in the customer becoming a 'persona non grata' whose account is suspended until the issue is solved.

What if the customer is not able to deal with the issue, as is most often the case?

This is where the human side of a technical service comes into play. Experience has taught us that putting more effort into solving an issue means a better pay off than avoiding that extra effort and therefore, letting the customer go risking the chance of him/her never coming back.

This is why, we are now in a position to offer help with hacked sites within reasonable limits.

When our technical support team receives a report that your site has been hacked, they first try to get in touch with you and to provide advice on how the issue can be solved quickly.

If you are not experienced enough to follow the instructions, our technicians then will take the case in their hands.

Please keep in mind though that providing help with hacked sites is not an official service-level guarantee.

For your reference, we are copying below the instructions our team has prepared for when a hacker hits your site.

Dealing with hacked sites

instructions from the technical support team

  1. Take your site offline
  2. Take your site offline temporarily, at least until you know that you have fixed the issue.

  3. Make a damage assessment
  4. It is a good idea to figure out exactly what the hacker(s) were after.

    • Were they looking for sensitive information?
    • Did they want to gain control of your site for other purposes?
      1. Look for any recently modified or created files that you cannot recognize or that you haven’t edited yourself.
      2. Check for any suspicious activity inside your Web Hosting Control Panel, such as newly created email accounts, FTP accounts, etc.
    • Determine the scope of the problem — do you have other sites that may be affected?
  5. Recover your content
    1. The absolute best thing to do here is a complete re-installation of all the applications using a fresh and updated copy acquired from the respective script vendor. It is the only way to be completely sure that you have removed everything the hacker may have done.
    2. After the fresh re-installation, use the latest backup that has been made to restore your site. Do not forget to make sure that the backup is clean and free of hacked content too.
    3. Update any software packages to their latest versions. This includes things such as blogs, content management systems, or any other type of third-party software installed.
    4. Change your passwords – the application’s admin password, the hosting account’s password and the FTP passwords.
  6. Restore your online presence

Advantages of our ZFS-based cloud hosting platform

Dear Customers,

A while ago we let you know about upcoming changes to our storage system in our servers with the aim of improving the speed of our clients websites.

To make clearer the advantages this new Hepsia/ZFS storage system provides, we want to share with you this infographic that compares its performance against a regular Cpanel/Ext4 system:

Hepsia with ZFS system versus cPanel with EXT4 system

Kind Regards,
Web Hosting team

SSL certificates – verification and automatic installation

Dear Customers,

Yesterday, we informed you of the newly-integrated option for you to activate a SSL certificate using a shared IP address.

Now, let’s go into more detail about the verification procedure carried on before each automatic SSL installation in our system.

Firstly, when filling in the certificate owner’s details, you need to make sure that the email address is valid because the registry will send a verification email to this address ('Approver' email address). This could be the email address you provided on the Whois details of the domain name where the SSL certificate will be installed:

step-1

or any of the generic email addresses that are automatically generated by our system:

step-2

Please note that if you want to use any of the generic email addresses, you will need to create the email address in the Email Manager of the Web Hosting Control Panel now, before continuing with the procedure.

Please note that the validity of the Approver's Email is crucial to the success of the SSL certificate verification process because the registry will send a verification email, including a link that needs to be followed for the SSL request to be approved.

This is how the verification email looks like:

step-3

If you do not follow the emailed instructions to approve the request, the registry will not issue any certificate.

As soon as the certificate request has been approved, the user will receive a confirmation email from the chosen certificate provider:

step-4

Please note that the confirmation email will also include the SSL certificate itself as an attachment, along with the installation details. As we will install the certificate automatically, there is no need for you to pay attention to these details but you should make sure to backup this certificate.

It usually takes about an hour for the SSL certificate to be generated by the provider. After that, we will install the certificate for your selected host instantly and will send you a confirmation email as well.

Kind Regards,
Web Hosting team

Shared IPs for SSL certificates in the Control Panel

Dear Customers,

As we pre-announced a few weeks ago, you can now activate a SSL certificate for your websites without needing to buy a dedicated IP address.

This can be done with the help of a shared IP address that is assigned to the hosting server.

The ‘Shared IPs for SSL’ option is now integrated into the SSL Certificates section of the Control Panel.

Why a shared IP address for SSL certificates?

The option to use a shared IP address for a SSL has been made available because of the integration of the SNI protocol support into modern browsers. You can read a list of all the modern browsers that support the SNI protocol in the following Wikipedia article.

This way, even if you cannot afford to activate a dedicated IP address for your website, you will be able to make it secure for your visitors. A website with a SSL that uses a shared IP address will still have ‘https’ next to your domain name in the browser's address bar and will look just as secure as a normal site using a dedicated IP.

Please note though that while a shared IP address makes a website secure, it does not add to its uniqueness as a dedicated IP would do because when sharing an IP address with other sites, if someone tries to open the website using the IP address they may randomly open another one of those sites instead of yours.

Nevertheless, the shared IP address is a great free alternative if you just have a small e-store that needs to build a secure image in the eyes of potential customers.

Once you are ready to invest in a dedicated IP address, it is easy to switch from a shared to a dedicated IP for your SSL certificate.

How do you use Shared IPs for SSL certificates?

Just follow these easy steps detailed below.

  1. In the SSL Certificates section, click on the 'Add SSL Certificate' button on the top right side of the page. In the pop-up window, we have set as default the option to configure the SSL certificate automatically. This way, our technicians will install and set it up on your account.
  2. step-1
  3. After filling in the details for the certificate, you will be able to choose between two options:
    1. to get a brand new dedicated IP address for it;
    2. to use an existing dedicated IP address of your own, or to use a shared IP address;
  4. With the first option, you will be able to order a dedicated IP address that will be used for the new SSL certificate exclusively. This will give you full independence and will ensure the safety of your online presence at the same time.

    step-2

    However, if you are not yet ready to invest in a new dedicated IP address, you could take advantage of the alternative:

    step-3
  5. Here you can choose to associate the certificate with an existing dedicated IP address. This IP address needs to be free, i.e. not associated with any other SSL certificate.
  6. step-4
  7. Alternatively, you can choose to use a shared IP address for their SSL:
  8. step-5
  9. Then you will click on the 'Order SSL certificate' button and wait for the SSL certificate to be installed and set up.
step-6

It takes about an hour for the SSL certificate request to be verified by the registry and a few seconds for it to be installed in our system.

In our next post we will explain the procedure for verifying and installing a certificate i.e. – what happens after you order it in auto-configure mode.

Kind Regards,
Web Hosting team

You might like

  • AUD $63.01 each Semi-Dedicated 1
  • AUD $189.03 each Budget
  • AUD $18.90 each OVZ01 VPS Plan