My webspace has been compromised as explained on this answered question. While looking for advice on other q&a it seems to me in the answers it is assumed the compromised system is a full dedicated or virtual, but not the shared hosting type.

As in shared hosting, even if ssh is available, most of the system is not there or not accessible, and many relevant tools such as a package manager are unavailable, there must be a difference between what can be compromised and how to deal with it in comparison with full servers.

For example, there is no access to root and no package manager.

I would like to understand the differences from the point of view of securing the web space after the attack.

tungsten
Jaume Mal

2 Answers

In both cases, the ideal incident response should be the same:

  1. Make a backup of your data (or, preferably, grab a recent backup pre-dating the intrusion)
  2. Restore your data to a new (shared or dedicated) server, being careful to remove any infection
  3. Nuke the old server from high orbit (if dedicated) or delete your account and walk away (if shared)

You're better off rebuilding than trying to undo damage if you believe the server has been compromised.

gowenfawr

It's possible that the cause of the problem is not that the shared hosting server is compromised - but instead that you are using a WordPress plugin that is vulnerable to this type of attack. See the link below for a list of WordPress plugins with known vulnerabilities. Take note of those whose vulnerability type is 'arbitrary file upload':

https://firstsiteguide.com/tools/free-fsg/hacked-dangerous-vulnerable-wordpress-plugins/

mti2935
  • Thank you for your answer. I perhaps did not explain myself well. The most probable attack entry point is known, as explained in the linked q&a. My question is regarding the differences between shared and dedicated servers when attempting a cleaning. I edited my question accordingly. – Jaume Mal Aug 23 '19 at 06:16
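
One way to check restored data for leftover infection before redeploying it (step 2 of the first answer), covering the arbitrary-file-upload case raised in the second answer. This is an added example, not part of either original post. It uses only POSIX `sh` and `find`, so it runs from an unprivileged shared-hosting shell; the `wp-content/uploads` layout, file names and dates are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage a restored copy of a web root with user-level tools only
# (no root, no package manager). Results are a review list, not a verdict.

# Script files inside upload directories, where only media is expected.
scripts_in_uploads() {
    find "$1" -type f -path '*/uploads/*' \
        \( -name '*.[Pp][Hh][Pp]*' -o -name '*.[Pp][Hh][Tt][Mm][Ll]' \) -print
}

# Files modified after a reference file whose mtime marks the last known-good
# point (for instance a marker touched to the date of the trusted backup).
changed_since() {
    find "$1" -type f -newer "$2" -print
}

# Build a small constructed tree so the checks can be tried offline.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads/2019/08" "$d/wp-content/themes/t"
    echo '<?php /* constructed theme file */' > "$d/wp-content/themes/t/index.php"
    echo 'constructed image stand-in' > "$d/wp-content/uploads/2019/08/photo.jpg"
    echo '<?php /* constructed stand-in for an uploaded script */' \
        > "$d/wp-content/uploads/2019/08/x.php"
    # Constructed timestamps: known-good files, then the cutoff, then the late file.
    touch -t 201908010000 "$d/wp-content/themes/t/index.php" \
        "$d/wp-content/uploads/2019/08/photo.jpg"
    touch -t 201908150000 "$d/.cutoff"
    touch -t 201908200000 "$d/wp-content/uploads/2019/08/x.php"
    echo "$d"
}

# Demo run on the constructed tree.
sample=$(make_sample)
echo "Scripts in upload directories:"
scripts_in_uploads "$sample"
echo "Files changed after the cutoff:"
changed_since "$sample" "$sample/.cutoff"
rm -rf "$sample"
```

File modification times can be reset by whoever wrote the file, so an empty `changed_since` list does not show the copy is clean; comparing against a backup that pre-dates the intrusion remains the stronger check.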