Linux Hosting environment being affected by Gumblar Attacks. Over the past few days, we have been investigating these attacks, and working on methods to mitigate the damage caused by them; our findings and recommendations are as follows:
- Through our investigations, it was confirmed that the infection was not due to any server vulnerability. We enforce stringent security measures to safeguard your data.
- The attack is perpetrated through stolen FTP login credentials. It transmits FTP information to an IP address from an infected machine.
- This FTP information is then used to log on to the web server and infect the hosted website.
- The attack is not limited to ResellerClub’s hosting services – so far, thousands of websites across a large number of hosting providers have been infected through this attack.
Given the nature and scope of this attack, it is important that proper security measures to be taken at all levels to prevent it. We would like to suggest a few steps that would reduce the vulnerability of your computer and remove existing threats.
- Install an antivirus program with the latest updates and ensure removal of any malware, trojans or key loggers on any machine that you use to manage your website’s content via FTP. Several free antivirus software like AVG, AntiVir, Malwarebytes are available for this purpose. Regular virus scans will minimize such threats to a great extent.
- Once you are confident of a clean machine, you should change all FTP passwords.
- Avoid storing the new FTP passwords directly on the FTP clients. Variants of this virus have the potential to grab stored passwords from there.
What you need to do at your end to stay in tandem with the steps that we’ve taken:
- You need to login to your Control Panel and set new passwords for all FTP users.
- It is advisable that you set complex, alphanumeric passwords and frequently change them for additional security.
Cheers, Server Team