[Jeff]

Quote:

Originally posted by .net The number one cause of exploits is weak root passwords, make sure you have a rock hard password (example sn38@ds1_s) which is changed regularly. It might even be a good idea not to know your root password, if your hosting provider offers a managed hosting service.

I don't think it was the root password that was the problem, it looks like they exploited a security hole in cpanel.

When I logged into WHM there was a large red warning telling me to upgrade because of security problems that had been discovered, if I'd seen that a couple of days earlier I'm sure I'd have been OK. I thought I'd got it set up to update automatically, but that doesn't appear to have happened. I must remember to log in to WHM at least once a day to see if there's anything that needs updating urgently.



Rather than get a UK based dedicated server I've decided to use one of my US based dedicated servers just to run my databases on. I'll (hopefully) make it more secure by turning off all services that aren't required, and I'll use it to serve database results to sites hosted in the UK on a reseller hosting account. So I'll have the advantage of my sites appearing to be in the UK, but still using a relatively cheap US based dedicated server to do the processor / disk intensive stuff.