Unconfigured Ad Widget

**skunkbad** · 07-03-2015, 8:15 PM

Is this a cPanel hosting? I'd switch hosts. I once had a host that didn't know that any web hosting account user had complete file system access to all of the other accounts. Switched hosts the same day I figured that out. A lot of hosts don't know anything. They are just resellers selling resold hosting.

**ExtremeX** · 07-03-2015, 9:55 PM

Who is the hosting provider and who is managing the sites DNS?

**ocabj** · 07-03-2015, 10:59 PM

This whole scenario of shared hosting is one reason why I switched to Linode VPS's.

**wheels** · 07-04-2015, 8:45 AM

Originally posted by skunkbad

Is this a cPanel hosting? I'd switch hosts. I once had a host that didn't know that any web hosting account user had complete file system access to all of the other accounts. Switched hosts the same day I figured that out. A lot of hosts don't know anything. They are just resellers selling resold hosting.

Sounds like me

- problem for me is I am a long time MS guy who decided to make the jump to linux hosting just to force myself to learn a bit more. It is cPanel and I have learned a bit.

Originally posted by ExtremeX

Who is the hosting provider and who is managing the sites DNS?

Namecheap is the provider, I manage all my sites DNS entries, issue is (maybe this is common place) the shared host is also the DNS server so all the hijacker probably did was figure out what other domains are also on the shared host and he/she was able to create DNS records in his account for sub-domains where the domain is hosted in my account. When the query came in for the hijacked sub-domain DNS provided the IP address response since the host "was" the DNS server for my domains and he had a WordPress site set up to act as the sub-domain.

Namecheap has been pretty good but I was unimpressed by the obligatory "have you contacted Google?" about the email "warning" I got from Google about the verified account, and then the typical scripted questions until I sent them my DNS zone, and told them that the media files being used were not within my directories on the host.

If I was better with Linux I may have been faster to figure out what was going on.

Originally posted by ocabj

This whole scenario of shared hosting is one reason why I switched to Linode VPS's.

I probably should either get out of the business or learn enough so I'm not dangerous. That or stop learning on production machines

**skunkbad** · 07-04-2015, 12:45 PM

Just browsing info online it would appear that cPanel/WHM has built-in protection against the subdomain hijacking. I'm surprised that Namecheap is your host, as I would expect they would have decent hosting, although I've never used them. Perhaps their cPanel version is outdated or something. I don't see how this could be your fault, even if you are just learning on Linux.

**Frotz** · 07-04-2015, 12:52 PM

I use Linode for my VM hosting. They're good.

Unconfigured Ad Widget

sub domain hijacked

sub domain hijacked

Comment

Comment

Comment

Comment

Comment

Comment

Calguns.net Statistics

What's Going On