Hosting (8)



What's a Web Host Suppose to do When Your Site Gets Hacked?

04 February 2016 Hosting 0 1881

Today you went to visit your website only to find that it’s been pwned by some script kiddies from Turkey who think it’s funny to take over your homepage. Maybe you visited your site to discover that it has been taken over as part of some sort of Chinese shopping cart scheme. Or, perhaps you received a notice from your hosting provider that your website is sending out thousand of spam emails with the subject "buy cheap Viagra” or has become part of a bot net DDOS attack and has now been suspended.

Whatever the case, you may not know how your site ended up this way, but you sure as heck want it fixed–and pronto!

What do you do? What should you expect your hosting provider to do for you?

How Did Your Site End Up This Way?

Those are great questions, but first it’s important to understand why your site ended up this way. The number of ways to hack a website can be endless, so it would be impossible to discuss them all here in detail. Though, the most common site hacks are due to the simplest of factors: vulnerable site software and poor security.

Vulnerable Site Software

Hackers are always going to target the easiest prey. Think about it this way: if a burglar shows up in your neighborhood to find a street full of houses that have posted alarm systems installed and one house with no alarm system, which house is the burglar going to target? The house without the alarm of course. In much the same way, If a hacker is looking through a bunch of sites and sees that they all have the latest software installed and third party software that’s all up-to-date, are they going to go through the trouble of trying to discover new security holes in your site software or do you think they’ll move along to other sites using out-of-date software with published vulnerabilities? Unless they’re very experienced and on a mission to find something specific that they know is there, they’re going to move onto an easier site. But why?

You see, most hackers are only interested in using your site for nefarious purposes. Their end goal is to use your site as a place to hide their spamming scripts or DDOS scripts. Even though it happens, most don’t even want to deface your site. They just want to use you for your site. So you have to make it difficult for them to do this.

When you don’t stay on top of updates, it’s like posting a sign in your yard that says, “please, come steal my stuff.” Keeping your software up-to-date with the latest security patches is like posting a security alarm warning in your front yard. Hackers are going to move along to easier targets.

Poor Security

Hackers with a little more determination will use techniques like brute force to guess your passwords over time. Burglars know what those fake rocks look like where you hide your spare key and will check under your door mat. Using a weakly composed password, with your first pet’s name in it, your birthdate, or other easily guessed combinations of letters and numbers will eventually fall victim to a brute force dictionary attack. And what gives with using ‘password’ as your password or ‘admin’ as your username? Why not just invite our burglar in for dinner? That’s basically what you’re doing will hackers when you don’t use strong passwords.

A good hosting company will help limit much of this by enabling or providing the ability to limit failed login attempts in your site software or use their firewall to prevent hackers from trying to brute force your hosting account. If you don’t know anything about this, make sure to ask your host about what they do and what options they provide.

Hackers on a mission will utilize social hacking techniques where they pretend to be you to get at your site and/or information. Find out what your host does to stop this. We provide two-factor authentication and require security authentication answers when attempting to gain assistance to help prevent social hacks. But, again, unless a burglar knows you have a safe with gold bars in it, they’re probably going to leave you alone. Most hackers just want to use you for your site.

So, What Should You Expect Your Hosting Provider to do?

Now that we’ve looked a little into why hackers might be interested in hacking your site and how they might go about accomplishing it, we’re in a better place to discuss what you should expect your hosting provider to do.

Usage of open source software has exploded over the past decade. With such great, free and easy to use scripts out there such as Joomla, Wordpress, etc., it’s understandable why you would choose to use them for your site. We highly recommend them. The problem, as we mentioned eariler, is all too often people don’t keep these things up-to-date. Just like there are huge communities supporting each of these open source projects, there are hacking communities out there that write exploits to take advantage of these vulnerabilities and share them in the dark nether regions of the internet. When you don’t keep your site software up-to-date, who’s fault is that? We provide all sorts of tools for helping keep your site up-to-date and even plans where we go the extra mile to keep everything up-to-date for you for Joomla and WordPress, but ultimately the responsibility to keep sites up-to-date falls to the hoster. You need to figure out how you’re going to keep it up-to-date. What tools are available to you? Would you prefer to not have to think about it? How much will it cost? What is your plan?

So when your site gets hacked, what’s your host likely to do? Hosting companies have to protect their other customers and their network. We’re not sure exactly what you can expect at other hosts, but here at Simple Source, despite all of the protections we provide, sites do get hacked due to customers not keeping sites up-to-date. So, when this happens:

  • we’ll usually find out that a site is sending out spam or utilizing a ton of system resources, track down the source and then suspend the offending account and notify the account holder. It’s in our terms of service. When we hear back from the client, we’ll then run a scan and null root the offending script and allow the customer the opportunity to clean up their own site if they so desire or offer to do a deep cleaning and restoration at our standard hourly rate–work that we guarantee.
  • If the customer has said they have cleaned up their account only to find out that it’s being used for nefarious purposes again, we’ll go through the same process again.
  • If this happens a third time, we will generally suspend the offending account and offer again to clean up the account at our standard hourly rate. If the customer doesn’t want to go that route, we’re happy to send the customer a link to download their site files and databases.

At some point, if customers keep inviting burglars into their house, we have to put a stop to it before it starts to negatively affect other customers. It takes our valuable time to do this which means we have less time to serve our other customers and make Simple Source even better.

Bottom line: we know all of this can be incovenient, but if you’re in the habit of sending out invitations to hackers to hack your site, you should expect it will cost you something in terms of time or money to recover from what they do to your site. 



Our Client Area - The Power of Sub-Accounts

19 January 2016 Hosting 0 1809

A while back we took a look at how you can easily manage all of your Apps from your client area at Today we're going to take a look at sub-accounts.

Sub-Accounts are an often all too underutilized tool of our client area at which is now even more powerful than before. Sub-Accounts allow you as a client to assign users with permissions to various functions who can then carry out a variety duties for specific purposes that you only want your users to have access to perform. Whether you’re wanting someone to have access to billing, support, domain, hosting services, and more, Sub-Accounts give you the power and control over who can do what–all from your client area.

How Can You Use Sub-Accounts?

There are plenty of use-case scenarios we could look at, but let’s look at just a few common examples you may find useful for Sub-Accounts:

Billing Managers

Many companies have a dedicated billing or accounting manager or department that is responsible for keeping track of financial records such as receipts, payment information, or who may need support for any financial information associated with your services. You can allow them access to invoices and/or billing support and to receive notices from billing all through setting them up with a sub-account.

Web Designers

You may be working with website developer or designer to build your website. You may want to give this person or company access to our support or to your hosting services without giving them access to billing information or account info. This would allow them access to manage your hosting service, access your cPanel services such as file manager, email accounts, and more.

Domain Management

Suppose you have someone in your company or organization that you want to setup Google Apps on your domain. You could simply allow them access to the domains section of your account or the hosting services area of your account so they can add the mx records necessary to point your mail to Google Apps.

How Do I Setup a Sub-Account?

It’s simple:

  1. just login to the client area and click on “Contacts/Sub-Accounts”
  2. enter in the user’s name and contact information
  3. tick the box under "Activate Sub-Account” next to "Tick to configure as a sub-account with client area access"
  4. tick the boxes for what you want the user to have access to under "Sub-Account Permissions"
  5. tick the boxes under "Email Preferences” for which notices you would like the user to receive
  6. click “Save Changes"
    hosting sub accounts permissions

And viola! You have now put the power of Sub-Accounts to good use–delegating roles to someone else in your company, organization, and/or to a third party vendor to securely do work for you.



New Client Area Features - Apps Management

02 October 2015 Hosting 0 1874

The new client area at is more powerful than ever, giving you total control over installing and managing your apps. Last time we took a look at Hosting Account Management in the new client area. This time we're digging into app management. 

App Installation

installation apps list

When you first sign up for hosting service, or when placing an order for new hosting service, you’ll be present with the option of installing the app of your choice. Choose from popular apps for your site such as Joomla, Wordpress, Magento, Drupal and more. Simply choose your app of from the list when placing your order and your app will be automatically installed and waiting for you when your order is fulfilled.

App Management

app management

Once installed, you can easily manage your apps by visiting your services page, clicking on your hosting service and then on the Applications link. From here you’ll be presented with a list of your applications installed under this hosting account for you to manage.

Install New Apps, edit existing Apps, Create and Manage App Backups

Apps Management

You can easily install new apps of your choice, selecting from dozens of apps. You can edit the details of your other installed apps, and manage or take new backups of your app(s) by simply clicking on the associated link.

Install New Hosting Apps

As you can see, the client area has a come a long way in terms of making available to you easy and straightforward management of your apps. The new client area apps management interface is available in the client area for all of our shared hosting services including: The Simple Starter Plan, The Simple Hosting Plan, Business Hosting Plan, all of our Joomla Hosting Plans, Wordpress Hosting Plans and, of course, our App Hosting Plans

Next time we will take a deeper look into the power of using sub-accounts with granular permissions to enable others, like employees, to access and mange only the account services you want them to have access to manage.

Page 1 of 2

Get in Touch