In recent weeks, several of our customers have reported that their websites have been hacked. After thorough investigation and consultation with other service providers, we have established that in this type of attack it is not the website that is primarily infected, but the client's computer that has access to the website.
Since FTP communicates over an unencrypted channel, a virus on the client machine logs the login ID and password during login and sends them to an unknown location. A few days later, the hosting is usually hacked, and the index and other files of the website are modified from foreign (mostly Russian, Brazilian, Japanese) servers. It is important to know that the modification of the website is not done by the infected client computer, but always by a third (foreign) server.
Unfortunately, this phenomenon cannot be handled directly by the hosting provider, as the theft and use of passwords do not take place on the provider's servers and network. The best protection against this problem is the use of a clean, regularly updated operating system and modern virus protection.
We have developed an effective solution to prevent such attacks.
The point of server-side protection is that although we cannot prevent password theft, we can restrict logins from unknown IP addresses. To this end, a new menu item called "FTP IP RESTRICTION" has been added to the client portal. By clicking on this menu item you can configure up to 9 IP addresses or IP address ranges. Once configured, FTP access to the hosting is only available from the configured addresses or ranges. In this way, the risk of FTP intrusion attempts from foreign servers (from unknown address ranges) can be minimized.
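The allowlist logic described above, as an added example that is not the provider's own code: it enforces the 9-entry limit, accepts single addresses or ranges, and replays FTP login records to show which successful logins came from outside the configured set. The log line format, the user name and all addresses are constructed for illustration, and ranges are assumed to be entered in CIDR notation.

```python
import ipaddress
import re

MAX_ENTRIES = 9  # the portal accepts up to 9 addresses or ranges

def parse_allowlist(entries):
    """Convert address / CIDR strings to networks and enforce the entry limit."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"at most {MAX_ENTRIES} entries are allowed")
    # A bare address becomes a /32 (or /128) network; strict=False tolerates host bits.
    return [ipaddress.ip_network(e.strip(), strict=False) for e in entries]

def is_allowed(client_ip, allowlist):
    """True if the connecting address falls inside any configured entry."""
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in allowlist)

# Hypothetical log format: "<timestamp> ftpd: LOGIN OK|FAIL user=<name> ip=<addr>"
LOGIN_RE = re.compile(r"LOGIN (OK|FAIL) user=(\S+) ip=(\S+)")

def audit_logins(lines, allowlist):
    """Return (user, ip) for successful logins from outside the allowlist.
    A hit means a valid password was used from an unknown address."""
    hits = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and m.group(1) == "OK" and not is_allowed(m.group(3), allowlist):
            hits.append((m.group(2), m.group(3)))
    return hits

# Constructed sample data (documentation address ranges only)
SAMPLE_ALLOWLIST = ["198.51.100.7", "192.0.2.0/24"]
SAMPLE_LOG = [
    "2024-03-01T08:14:02Z ftpd: LOGIN OK user=web123 ip=198.51.100.7",
    "2024-03-01T09:30:45Z ftpd: LOGIN OK user=web123 ip=::ffff:192.0.2.9",
    "2024-03-04T02:11:19Z ftpd: LOGIN FAIL user=web123 ip=203.0.113.10",
    "2024-03-04T02:11:27Z ftpd: LOGIN OK user=web123 ip=203.0.113.10",
    "2024-03-04T11:02:00Z ftpd: LOGIN OK user=web123 ip=192.0.2.55",
]

if __name__ == "__main__":
    for user, ip in audit_logins(SAMPLE_LOG, parse_allowlist(SAMPLE_ALLOWLIST)):
        print(f"login outside allowlist: user={user} ip={ip}")
```

Running the same audit over past FTP logs before enabling the restriction also shows which of your own addresses need to be on the list.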