I again strongly suggest: 1. Move email *immediately* to gmail or another like service. 2. Identify issues with the web site that allow attackers in. 3. Move web hosting elsewhere if possible.
It's a Joomla site, so I assume the database is simply the Joomla stuff. If that's the case, your best bet is to simply find a Joomla-capable host and move it there (even hostgator has this as a solution). If you can't do that then they should move to a managed server solution. But unless they're doing something much different than what it looks like gmail + joomla hosting would serve them well and probably cost 1/10th what they're paying for a hacked server, especially since gmail is free for them. Michael On Thu, Aug 6, 2015 at 4:45 PM, Michael L <[email protected]> wrote: > Webserver and Email is all I know of; I know there is a litlle mySQL db of > about 13MB. I can look in the cPanel if I know what to look for. > Thank you > M > > On Thu, Aug 6, 2015 at 2:03 PM, Michael Chaney <[email protected] > > wrote: > >> I have to again ask: is there *anything* besides these services running >> on that server? >> >> 1. Email >> 2. Webserver >> >> Let's start there. >> >> Michael >> >> On Thu, Aug 6, 2015 at 12:56 PM, Michael L <[email protected]> >> wrote: >> >>> Hello NLUG, >>> I found on the cPanel that standard email security features involving >>> spf and DKIM were disabled, so I enabled them; that helped matters >>> somewhat. I've gotten a few notifications that 'someone' is logging into >>> our cpanel. One of those cPanel logins at 3am July 30th was supposedly the >>> IP address of Comcast's "security" desk out of Murfreesboro with all their >>> contact info. >>> >>> The company hosting our dedicated server is Hostgator out of Houston. >>> When I contacted support 3 weeks ago regarding our blacklist and security >>> issues, I was told that being a dedicated server, everything is on us. >>> Asking further, I was.given suggestions of Sitelock, ClamAV, and Codeguard. >>> Jjust paid $60 for one year's worth of Sitelock protection. Hostgator >>> (when asked) installed and (when asked again) supposedly ran a ClamAV scan >>> for us, which supposedly took 2+ days to complete, which was a week ago; >>> haven't heard anything regarding scan results. Checking into CodeGuard, >>> looks like a useful site back up and restore service. >>> >>> Am I to believe that Sitelock and Codeguard will get the job done as far >>> as security and recovery? Or should I be looking to go from dedicated >>> server at about $250/mo to managed dedicated server at $600+ / month? >>> >>> What say those more knowledgeable than I? I'm thankful to get to ask >>> these questions here. >>> >>> MichaelL >>> >>> >>> >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nlug-talk?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Michael Darrin Chaney, Sr. >> [email protected] >> http://www.michaelchaney.com/ >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Michael Darrin Chaney, Sr. [email protected] http://www.michaelchaney.com/ -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
