How to Avoid Website Hacks in Linux Reseller Hosting?
Website hacking is a serious issue on today's World Wide Web. Every day it is a challenge to keep a website safe.
Reasons hack files get uploaded to a website:
---------------------------------------------
1. If you have a weak admin panel or Plesk password, hackers have a chance to access your domain and upload malicious files.
2. If your code has an upload function without file type restriction, hackers can upload suspicious files, rename them and then execute them easily.
3. If your local system is not secured, an attacker can easily gain access to your panel.
4. Vulnerable plugins or themes will also allow remote users to upload suspicious files.
5. Files and folders with full permissions are accessible by anyone, which makes it possible to inject malicious code into them.
6. You might be running an outdated version of Joomla, WordPress, Drupal, WHMCS etc.
7. You might not have updated to the latest security release of the latest stable version of Joomla, WordPress, Drupal, WHMCS etc.
8. There could be files with permission levels other than 644
9. There could be folders with permission levels other than 755
10. You could be using VULNERABLE THEMES, TEMPLATES or PLUGINS in WordPress, Joomla, WHMCS, Drupal etc.
11. Your WordPress or Joomla admin login details are simple or compromised.
12. Your cPanel login details are simple or weak.
How to protect your website from hacks:
1. Keep your local system free from virus and malware
2. Always use a genuine OS on your system
3. Use anti-virus, firewall and anti-malware tools to protect your system
4. Always use tough passwords like 3r48d*#R#T&3023r
5. Keep changing the passwords for mail, FTP, WHM, cPanel etc. regularly
6. If your website uses an open source CMS like WordPress, Joomla, Drupal etc., make sure that it is up to date
7. Never use 777 permissions for files or folders
8. Make sure that the admin module of your website also has tough passwords
9. If you upload images or files to a folder, protect that folder with proper permissions and also URL-protect it so that no one can access it from outside
10. Make sure that your code is well optimized and is not vulnerable.
11. Upgrade your open source CMS such as Joomla, WordPress, WHMCS, Drupal etc. to the latest version
12. Remove unnecessary installations of Joomla, WordPress, WHMCS, Drupal etc.
13. Remove or upgrade vulnerable versions of plugins, themes and templates used in WordPress, Joomla, WHMCS, Drupal etc.
14. Check the file and folder permissions. See whether they are 644 for files and 755 for folders. If not, change them.
15. Reset your administrator password for Joomla, WordPress, Drupal, WHMCS etc.
16. Reset your cPanel and database login details
17. Keep a backup of your domain on your local system for safety
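Items 7 and 14 above can be checked from an SSH session with the script below. It is an added example, not part of the original article; the script name audit_perms.sh and the path you pass to it are assumptions, and it applies the 644/755 rule to everything under that path.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a site tree against
# the 644 (files) / 755 (folders) rule. The path argument is your own site.

# Print every regular file whose mode is not exactly 644 and every
# folder whose mode is not exactly 755. Symlinks are not followed.
list_bad_perms() {
    find "$1" \( -type f ! -perm 644 -o -type d ! -perm 755 \) -print
}

# Print only the entries that any user on the server can write to
# (the "other" write bit is set, as with 777 or 666).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Reset folders to 755 and files to 644, folders first.
# Run list_bad_perms again afterwards to confirm nothing is left.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Run as: sh audit_perms.sh /path/to/site [--fix]
# With no arguments the script only defines the functions.
if [ -n "${1:-}" ]; then
    echo "World-writable entries:"
    list_world_writable "$1"
    echo "Entries that are not 644/755:"
    list_bad_perms "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_perms "$1"
        echo "Remaining after fix: $(list_bad_perms "$1" | wc -l)"
    fi
fi
```

Review the report before using --fix, because the fix also removes the execute bit from any file that had it.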
Actions to be taken:
====================
We advise you to take the actions below at your end in order to avoid further interruptions.
1. Check your code with your developers and investigate how such files are getting uploaded without your knowledge.
2. If you have a weak password, we advise you to change both the admin and cPanel passwords to the toughest ones, like @$ERG#$@6SD({
3. If your upload folder is under httpdocs, we advise you to keep the upload folder outside of httpdocs and serve those files through your code. Also make sure that only image file uploads are allowed, and that they are verified with a MIME check.
[Note: Multipurpose Internet Mail Extension (MIME) type - It is mainly used to identify the format of a file during the transaction between the web server and the browser. Examples of MIME types are image/jpeg for images and text/css for CSS. The check is mainly used to stop hackers from getting a file accepted by renaming it. Do the check on the server against the file's content, because the type sent by the browser can be changed by the uploader.]
4. Never use full permissions for any files or folders. Keep the latest version of your CMS.
5. Always use a genuine OS on your system
6. Make sure that your code is well optimized and is not vulnerable.
7. Scan each and every file before uploading
8. Always keep a copy of your website on your local system