Abuse/Compromised site Suggestions

marcacer

New Member
When 1 of the sites on the server is compromised it would be better to suspend the SITE and not the whole SERVER including all accounts that have nothing to do with the domain in case.

I have servers at 3 locations, including KH. But when a user's site gets compromised KH is the only host that suspends the whole server within 48 hours (sometimes 24 hours!) including all shared accounts, instead of just the domain.

Example other host: Site X has a lot of flagged files. This account has been suspended.
Please clean/take actions, change the cPanel password before you unsuspend the account.

KH: "We will need to hear back from you in regards to the issue(s) described in this Abuse ticket within 24 hours or the server will be suspended"

I strongly suggest re-thinking this. By suspending the site we have enough time to update the CMS, clean the account, etc. and work with support.
 
Hello marcacer,

I'm not a KH employee but I do have some questions regarding this.

Your accounts with other hosts, are they for a VPS like you have here with KH?

As far as I know the people at KH do not even have access to your client domains, just the VPS itself at a higher level. Sure they could probably change your WHM password and get in that way but would you really want them to do that?

If you do have a VPS with the other hosts then you might want to question why they have access to your clients' domains when they're housed on your server that you pay for.

Actually I guess that's really my only question because that is the crux of the issue you have.
 
Hi Dan

LiquidWeb/SoftLayer have both stored in their customer-managed interface the root password encrypted. (You can also not see it). Longer than 10 years also with them, never a security issue. This way you don't have to open a ticket every time with your password in plain text like here at KH.
 
Hi marcacer,

Interesting! Just different ways of doing business I suppose.

One way your upline always has access to your accounts and clients and the other way they only have access when you give it to them and ask them to. Personally I don't think they have a right to access my VPS without my knowledge and permission, I'd bet that part of your other host's Terms of Service is that you give them that right.

It's a clear delineation of boundaries and a more up front way of doing business. It's a "You pay for this VPS, it's yours and we cannot access it without your permission" kind of thing.

I also don't see an issue with sending a password through an SSL secured site, just like sending a credit card number through.

Again, these are all just my own opinions. I can see where having my whole VPS shut down because of one site would definitely be frustrating. I've gotten the same email before when a client's WP site got pwned but I shut it down myself before they took the whole thing down but if you're unable to do so then yeah, that'd suck.

Hope you're able to get it straightened out!
 
KH: "We will need to hear back from you in regards to the issue(s) described in this Abuse ticket within 24 hours or the server will be suspended"

I strongly suggest re-thinking this. By suspending the site we have enough time to update the CMS, clean the account, etc. and work with support.

KH is only asking you for a response. If you check your email at least every 24 hours and would just reply with something like "Thanks for informing me. I'm doing everything in my power to isolate and resolve the issue," they won't shut down your VPS at that 24 hour mark. I know, I've been there too. I'd rather they don't have access to everything on my server, like Dan said, and I'm sure KH feels the same way so there's no liability on them.
 