[SOLVED] How to prevent add-on domains on shared cpanel from malware

Hello All,
I have a small question on how to prevent add-on domains from getting infected by malware hosted in the same server space (in public_html) on a cPanel server. If a single site is infected, the infection spreads across all the sites hosted on cPanel.

Secondly, although we do not have much control over shared hosting, how can we make it secure by way of PHP configuration files, or could any sort of firewall be installed on cPanel?

Thanks in Advance.

Kind regards
ST

1 Like

If your add-on domains are not handled by you, then you cannot control them. If you are using WordPress, make sure all the files are up to date.
For WordPress, consider using the iThemes Security or Wordfence plugin.
The Wordfence plugin has the option of scanning the root directory as well (in this case the add-on domain).

Consider this plugin from Themeforest.

This can handle multiple PHP sites effectively.

2 Likes

Your add-on domains can be secured, and they cannot be; it depends on how the server is set up and how it is being managed. Nowadays there are many tools available to secure a shared hosting server. For example, to secure a Linux server, CloudLinux OS is the best choice.

Since this is shared hosting, it will share the same IP with the other websites hosted on the server. If there are malicious websites on the same server, this can affect IP reputation and thus your website as well.


If you want to host malware on a shared server with multiple domains attached to it, then

It might be expensive to buy multiple PCs for this purpose; you could just consider using a single machine and hosting several virtual machines on it. But I would keep the malware on a separate system, as it might go past the VM’s or cPanel’s boundaries.

Also, remember!

Hosting malware is generally prohibited by the domain name provider (Verisign for .com domains, etc). I wouldn’t suggest hosting malware on any shared hosting plan, virtual server, dedicated server or even colocated hardware, as you’ll end up either being suspended, terminated or having your public IP null-routed.

Instead, if this is legitimate research, I’d suggest you set up a private network to run your tests on.

  • If you do want to analyse malware then you will have to set up your own “Internet” environment, disconnected from the Real World. Basically, this means setting up one PC as a DNS server and a second one as your malware host. Then you can use additional systems in your Intranet environment to research the malware.

I’ve seen malware engineers; they build malware to test systems. They’re penetration testers.

  • If you want to test your malware, make it private.

  • Do not connect your computer to the Internet.

To build your own malware testing network, configure a computer (laptop, desktop or server) with a virtual environment (VE) and a few virtual machines (VMs).

The virtual networking will allow you to communicate between the multiple VMs.

One VM, preferably UNIX/Linux, needs to be set up as a DNS and NS server.

The second VM can be your hosting server. Add Nginx for web hosting, an FTP server or an HTTPS file server (with Nginx), and anything else you require to serve your malware.

Add your malware to the second VM.

You can now decide whether you would like to muck up a VM on the same VE or on another computer - make sure not to use your main computer.

I have a separate VE with my target VMs. I sometimes attack the VE and everything falls over, but the majority of the time I attack the VMs.

I attack my own work on FreeBSD Jails and try to break anything I can to build it back up and report my findings to the people who need to fix it.

With the above network setup, you are ready to start accessing your web server.

You can access the server via the IP and port (IP:PORT), or you can use the DNS and NS VM to enable your domain name.

This will not be externally available, which is the whole point. You are creating an isolated Intranet.

Create your DNS record; it could be anything, malware.com would be fine.

Add your DNS record to the DNS and NS server, and you will be able to access your domain from the target browser.

  • If you are doing this for a corporation or for an institution (University), you can ask them for specific ports within their Software Defined Network (SDN). I do hope they have an SDN.

That way you will be isolated from the rest of the network without having to have a separate network.

Cisco Meraki manages all of my colleagues’ SDN architecture. It allows them to manage problems from anywhere on the planet and link multiple regions of my corporate and personal operations.


And if your hosting is infected by malware,

I would suggest you always monitor your host cPanel; too much use of resources may be caused by malware!

A statistical comparison from before and after installing a theme that shows a large increase in requests indicates that something is wrong.

After installing a new theme, you can use the GTmetrix or Pingdom tools to check your website speed and number of requests.

Some tools to find malware and security scanners:

https://sitecheck.sucuri.net
https://www.virustotal.com
https://app.webinspector.com
http://www.quttera.com
http://www.isithacked.com
GOTMLS plugin: Anti-Malware Security and Brute-Force Firewall by Eli Scheetz

3 Likes
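The last answer recommends watching resource usage and running external scanners over an infected account. As an added example, not code from the original thread or from any of the tools it names, here is a Python script that does a first local triage of a cPanel account's public_html tree. Every add-on domain's document root is a subdirectory under the same Unix user, so one compromised site can write into all the others, which is exactly the spread the original question describes; scanning the whole tree as one unit is therefore the right scope. The script flags common web-shell idioms in PHP files, PHP code hidden in image or icon files, files changed within the last day, and world-writable directories. The directory layout, file contents and regexes are constructed for this example and the planted snippets are inert fragments, not real malware.

```python
#!/usr/bin/env python3
"""Triage a cPanel public_html tree (all add-on domain docroots live under it)
for common signs of PHP malware.  Constructed example; tune the patterns for
your own sites, since they will also flag some legitimate code."""
import os
import re
import stat
import tempfile
import time
from pathlib import Path

# Heuristics for common web-shell / obfuscation idioms (constructed list).
SUSPICIOUS_PATTERNS = {
    "eval_of_decoded_payload": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request_value_called_as_function": re.compile(
        r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),
    "long_base64_blob": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
}
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".inc"}
NON_CODE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".ico", ".txt"}


def scan_file(path: Path, root: Path):
    """Return (finding_name, path_relative_to_root) tuples for one file."""
    findings = []
    try:
        text = path.read_bytes().decode("utf-8", errors="replace")
    except OSError:
        return findings
    rel = path.relative_to(root).as_posix()
    ext = path.suffix.lower()
    if ext in PHP_EXTENSIONS:
        for name, rx in SUSPICIOUS_PATTERNS.items():
            if rx.search(text):
                findings.append((name, rel))
    elif ext in NON_CODE_EXTENSIONS and "<?php" in text:
        # PHP code inside an "image" or icon is a classic way to hide a dropper.
        findings.append(("php_code_in_non_php_file", rel))
    return findings


def scan_tree(root, modified_since):
    """Walk root and group findings: suspicious code, files whose mtime is
    after `modified_since` (epoch seconds), and world-writable directories."""
    root = Path(root)
    report = {"suspicious_code": [], "recently_modified": [], "world_writable_dirs": []}
    for dirpath, _dirnames, filenames in os.walk(root):
        d = Path(dirpath)
        if d.stat().st_mode & stat.S_IWOTH:
            report["world_writable_dirs"].append(d.relative_to(root).as_posix())
        for fn in filenames:
            p = d / fn
            report["suspicious_code"].extend(scan_file(p, root))
            if p.stat().st_mtime > modified_since:
                report["recently_modified"].append(p.relative_to(root).as_posix())
    for key in report:
        report[key].sort()
    return report


def build_sample_tree(base):
    """Create a constructed public_html: one clean main site, two add-on
    domains, and three planted indicators (inert fragments, not real malware)."""
    root = Path(base) / "public_html"
    files = {
        "index.php": "<?php echo 'main site'; ?>\n",
        "blog.example/index.php": "<?php echo 'blog'; ?>\n",
        "blog.example/wp-includes/class-cache.php":
            "<?php eval(base64_decode('" + "QUFB" * 60 + "')); ?>\n",
        "shop.example/wp-content/uploads/favicon.ico":
            "GIF89a<?php /* planted marker */ ?>",
        "shop.example/x.php": "<?php $_REQUEST['f']($_REQUEST['a']); ?>\n",
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    # Normalise directory modes regardless of umask, then loosen one directory:
    # a world-writable uploads dir lets any local process drop files into it.
    for dirpath, _d, _f in os.walk(root):
        os.chmod(dirpath, 0o755)
    os.chmod(root / "shop.example/wp-content/uploads", 0o777)
    return root


def run_demo():
    """Build the sample tree in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return scan_tree(root, modified_since=time.time() - 86400)


if __name__ == "__main__":
    for category, items in run_demo().items():
        print(category)
        for item in items:
            print("  ", item)
```

On a real account, call `scan_tree("/home/<user>/public_html", modified_since)` with the timestamp of your last known-good deploy; everything in `recently_modified` that you did not change yourself deserves a look, and any hit in `world_writable_dirs` should be tightened with `chmod o-w` before you restore from a clean backup.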

Thanks for the detailed explanation. I appreciate it :)

1 Like