And the email switchover is in progress On Thu, Aug 6, 2015 at 5:15 PM, Michael Chaney <[email protected]> wrote:
> I again strongly suggest: > > 1. Move email *immediately* to gmail or another like service. > 2. Identify issues with the web site that allow attackers in. > 3. Move web hosting elsewhere if possible. > > It's a Joomla site, so I assume the database is simply the Joomla stuff. > If that's the case, your best bet is to simply find a Joomla-capable host > and move it there (even hostgator has this as a solution). > > If you can't do that then they should move to a managed server solution. > But unless they're doing something much different than what it looks like > gmail + joomla hosting would serve them well and probably cost 1/10th what > they're paying for a hacked server, especially since gmail is free for them. > > Michael > > On Thu, Aug 6, 2015 at 4:45 PM, Michael L <[email protected]> > wrote: > >> Webserver and Email is all I know of; I know there is a litlle mySQL db >> of about 13MB. I can look in the cPanel if I know what to look for. >> Thank you >> M >> >> On Thu, Aug 6, 2015 at 2:03 PM, Michael Chaney < >> [email protected]> wrote: >> >>> I have to again ask: is there *anything* besides these services running >>> on that server? >>> >>> 1. Email >>> 2. Webserver >>> >>> Let's start there. >>> >>> Michael >>> >>> On Thu, Aug 6, 2015 at 12:56 PM, Michael L <[email protected]> >>> wrote: >>> >>>> Hello NLUG, >>>> I found on the cPanel that standard email security features involving >>>> spf and DKIM were disabled, so I enabled them; that helped matters >>>> somewhat. I've gotten a few notifications that 'someone' is logging into >>>> our cpanel. One of those cPanel logins at 3am July 30th was supposedly the >>>> IP address of Comcast's "security" desk out of Murfreesboro with all their >>>> contact info. >>>> >>>> The company hosting our dedicated server is Hostgator out of Houston. >>>> When I contacted support 3 weeks ago regarding our blacklist and security >>>> issues, I was told that being a dedicated server, everything is on us. >>>> Asking further, I was.given suggestions of Sitelock, ClamAV, and Codeguard. >>>> Jjust paid $60 for one year's worth of Sitelock protection. Hostgator >>>> (when asked) installed and (when asked again) supposedly ran a ClamAV scan >>>> for us, which supposedly took 2+ days to complete, which was a week ago; >>>> haven't heard anything regarding scan results. Checking into CodeGuard, >>>> looks like a useful site back up and restore service. >>>> >>>> Am I to believe that Sitelock and Codeguard will get the job done as >>>> far as security and recovery? Or should I be looking to go from dedicated >>>> server at about $250/mo to managed dedicated server at $600+ / month? >>>> >>>> What say those more knowledgeable than I? I'm thankful to get to ask >>>> these questions here. >>>> >>>> MichaelL >>>> >>>> >>>> >>>> >>>> -- >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To post to this group, send email to [email protected] >>>> To unsubscribe from this group, send email to >>>> [email protected] >>>> For more options, visit this group at >>>> http://groups.google.com/group/nlug-talk?hl=en >>>> >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "NLUG" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> >>> >>> -- >>> Michael Darrin Chaney, Sr. >>> [email protected] >>> http://www.michaelchaney.com/ >>> >>> -- >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To post to this group, send email to [email protected] >>> To unsubscribe from this group, send email to >>> [email protected] >>> For more options, visit this group at >>> http://groups.google.com/group/nlug-talk?hl=en >>> >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "NLUG" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- >> -- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To post to this group, send email to [email protected] >> To unsubscribe from this group, send email to >> [email protected] >> For more options, visit this group at >> http://groups.google.com/group/nlug-talk?hl=en >> >> --- >> You received this message because you are subscribed to the Google Groups >> "NLUG" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Michael Darrin Chaney, Sr. > [email protected] > http://www.michaelchaney.com/ > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
