BuycPanel Blog

BuycPanel Blog

Latest news and updates

11/22/2013 – cPanel Security Threats that Can Attack Your Account

Posted by Jamison on 22 11 2013.

Using cPanel means that you are relying on your web hosting service and control panel to manage your server and accounts. Hackers know this and this is why they create security threats on your cPanel accounts. One of the best ways to protect your account is to enhance security measures and always update your account with the latest security fixes. But, learning more about what these security threats are can also shed light on what you’re dealing with.


Software Exploits


Webmasters who are using blogging software on their cPanel accounts find it to be an easier way to maintain and build a site. Software like WordPress and Joomla are the most commonly installed. While these programs can provide big help, they can also pose as a security threat to your cPanel account.


These programs may have a security hole in the script and this is what hackers will take advantage of. The hacker simply looks for sites with outdated scripts and exploit them using codes. The best way to combat software and script exploits is to make sure all programs are up-to-date. You may also include updating all the plugins and modules in the software you’re using. Do note that third-party applications can be poorly coded which can be the cause of a software exploit.


Cross-Site Scripts


Small businesses like shared hosting services because it is more cost-effective. However, there are risks involved when you run your website on a server that you share with other people. Although the web host provides security measures to make the server secure for everyone, you may still need to take action to keep your own site secure. Usually, in this case, the target of the security attacks is the weak file directories.


Don’t use 777 for files and directories. For directories where there’s PHP and other scripts, it should be 755 or lower. For directories that are written to by scripts, it should be 757 or lower. For PHP files, permissions should be set to 600. Files in MySQL database should have 400 permissions.


Weak and Stolen Passwords


The most preventable yet the most exploited security holes in a cPanel account are weak passwords. There’s a reason why you are always reminded not to create ordinary or easy to guess passwords. Hackers can hack it easily using brute force attack. The best type of passwords are those with 16 characters including special characters, letters and numbers. Also, passwords should be regularly changed and it should vary with different accounts.


Your passwords are always at risk of being stolen the moment you hit that login or enter button. When it’s sent to the network, viruses like the Trojan or a Sniffer can steal your passwords. To protect your cPanel account, use a secure FTP or SFTP when connecting to a server. On your web browser, use https instead of http. These security measures indicate that you are connecting through an encrypted state, hence, your passwords can’t be stolen.


And of course, always make sure your anti-virus is running and is updated. Anti-virus programs are extremely helpful in improving security in your accounts.