Update on the Gumblar Attack front

In our previous Blog post, we informed you about hosting packages on our Linux Hosting environment being affected by Gumblar Attacks. Over the past few days, we have been investigating these attacks, and working on methods to mitigate the damage caused by them; our findings and recommendations are as follows:

  • Through our investigations, it was confirmed that the infection was not due to any server vulnerability. We enforce stringent security measures to safeguard your data.
  • The attack is perpetrated through stolen FTP login credentials. It transmits FTP information to an IP address from an infected machine.
  • This FTP information is then used to log on to the web server and infect the hosted website.
  • The attack is not limited to ResellerClub’s hosting services – so far, thousands of websites across a large number of hosting providers have been infected through this attack.

Given the nature and scope of this attack, it is important that proper security measures to be taken at all levels to prevent it. We would like to suggest a few steps that would reduce the vulnerability of your computer and remove existing threats.

Recommendations:

  • Install an antivirus program with the latest updates and ensure removal of any malware, trojans or key loggers on any machine that you use to manage your website’s content via FTP. Several free antivirus software like AVG, AntiVir, Malwarebytes are available for this purpose. Regular virus scans will minimize such threats to a great extent.
  • Once you are confident of a clean machine, you should change all FTP passwords.
  • Avoid storing the new FTP passwords directly on the FTP clients. Variants of this virus have the potential to grab stored passwords from there.

What you need to do at your end to stay in tandem with the steps that we’ve taken:

  • All websites that were determined to be infected have now been cleared. If you find any discrepancy with the content of your website, please inform our support team immediately.
  • We have reset the passwords for all FTP users across all Linux Hosting Packages.
  • You need to login to your Control Panel and set new passwords for all FTP users.
  • It is advisable that you set complex, alphanumeric passwords and frequently change them for additional security.
  • Please read our KnowledgeBase article that contains instructions on how to reset your FTP passwords.
  • As intimated in our previous post, we now support FTP access via Secure FTP (SFTP) only. SFTP will encrypt both commands and data, preventing passwords and sensitive information to be sniffed over the network.
  • Please read this KnowledgeBase article which includes more information about SFTP as well as a list of common SFTP clients.
  • We have also enabled net2FTP connections for all packages, so you may use the File Manager within your control panel to manage your content.

For any doubts/further issues that you may face, please feel free to contact us.

– ResellerClub Support Team