
#10039 InMotion sites hacked--would AdminTools have stopped it?

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Tuesday, 27 September 2011 02:07 CDT

TurnTex
Nicholas,

A friend of mine has a Joomla site with InMotion and they were hacked yesterday. In fact, the hacker supposedly hacked over 700,000 sites at InMotion. I am just curious, do you think AdminTools would have kept this jackwad off a site protected with it?

Here is a link to more info: http://thehackernews.com/2011/09/inmotion-hosting-server-and-trinity-fm.html

slaes
Man, honestly, are people so surprised by a $5 a month host? You get what you pay for.

Because of the large scale of this compromise, and as it seems that whole servers were owned (obviously someone has renamed all index files, the first thing any HERO tries), without commenting further, InMotion obviously has a sloppy setup, suited to $5 a month accounts, most likely an economical decision on their part. It would really depend on how the perpetrators got in. On a shared server, you're a sitting duck; have backups and wait for the day ;) Think of it like an inside job: Admin Tools will stop people getting in and even stop those inside getting in, to a point. But those who are already in as a result of factors unrelated to you, that's another story. That's where a good secure host, with half decent practices (rather than a $5 per month, one size fits all strategy) is a must.

nicholas
Akeeba Staff
Manager
Hi Curtis,

I seriously doubt that anything installed on the site could avert this kind of attack. According to the hacker, the whole data center is compromised.

OK, one step back. Let's see the whole picture. Security comes in layers. For starters, we have the physical security of the data center where the servers are located, i.e. armed guards, biometric entrance measures, the works. This means that nobody should be able to walk into the data center and tamper directly with the servers. The second layer is hardware firewalls (typically made by Cisco) which prevent common hacking vectors. Then, we have the server's own Operating System security as a third layer. This layer is actually a collection of techniques, ranging from user access control and SSH logins with cryptographic keys only to software firewalls running on the server. These are designed to protect the server from being compromised and stop common attacks to the web server. The fourth layer is the web server process itself, usually using something like mod_security2 and using suPHP or mod_itk. This layer tries to block malicious requests from reaching the web application and make sure that a web application (site) can not interfere with another one running on the same server. Finally, we have the sixth layer, the protection offered by the web application itself.

Admin Tools can only operate partially on the fifth (.htaccess Maker) and fully on the sixth (Web Application Firewall) layer of this scheme. The attacker in this case was able to bypass one of the first three protection layers, essentially "owning" the entire server cluster. In this case, he became root and had full live-or-die control on everything on the servers. It was game over for the hosted sites from the get go.

In those cases, there is only one thing you can do: regular, tested, off-site backups of your site. When the whole server cluster is compromised, you can only sit back, wait for the shitstorm to pass, then take a deep breath, delete everything from your hosting account and restore the last known good backup. And start looking for a more secure host.

As slaes said, there's only so much to expect from a $5/month host. Maintaining tight security throughout the entire spectrum of security layers costs a lot and this price certainly doesn't justify this kind of operational costs. And now you understand why a $20/month host may give you less space and less bandwidth than a $2/month host. The 10x price is justified by the cost of the increased security and actually hiring very well qualified, seasoned technicians instead of low-cost, self-taught, semi-ignorant newbies. To give some perspective, despite all I know about security, I still wouldn't trust a host employing me to tighten the security on their servers. I just know that there are many things I am not adequately proficient in to do that. Most newbie technicians employed by low-cost hosts, however, do not have half this degree of self awareness ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
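The post above makes two practical points: a tool living in the web application layer cannot detect or stop an intruder who already holds root on the server, and the only recovery path is a known-good, off-site backup you can trust. The example below (added here; it is not code from the thread, from Admin Tools or from Akeeba) shows the out-of-band side of that: a file-integrity manifest of the site tree is built, signed with an HMAC key that is kept on the backup host rather than the web server, and later used to spot exactly the kind of mass index-file replacement described in the thread. The site tree, the defacement and the key are all constructed for the demo; nothing here is taken from the InMotion incident.

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Constructed sample site tree for the demo (not a real Joomla install).
SAMPLE_SITE = {
    "index.php": "<?php // Joomla front controller\n",
    "administrator/index.php": "<?php // Joomla admin front controller\n",
    "configuration.php": "<?php class JConfig { public $sitename = 'Demo'; }\n",
    "images/logo.txt": "placeholder\n",
}

DEFACEMENT = "<html><body>Hacked</body></html>\n"


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def sign_manifest(manifest: dict, key: bytes) -> bytes:
    """Serialise the manifest and append an HMAC tag.

    The key must never be stored on the web server: an intruder with root can
    rewrite anything on the host, so an unsigned or locally-keyed manifest
    proves nothing. The signed blob is what gets shipped off-site."""
    body = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body + b"\n" + tag.encode()


def verify_manifest(blob: bytes, key: bytes):
    """Return the manifest if the HMAC matches, otherwise None."""
    body, _, tag = blob.rpartition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag.decode(errors="replace")):
        return None
    return json.loads(body)


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Classify paths as added, removed or modified relative to the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def simulate_defacement(root: Path) -> None:
    """Mimic the mass index-file rename from the thread: the real index.php is
    moved aside and both front controllers are replaced with a defacement page."""
    index = root / "index.php"
    index.rename(root / "index.php.bak")
    index.write_text(DEFACEMENT)
    (root / "administrator" / "index.php").write_text(DEFACEMENT)


def run_demo() -> dict:
    """Baseline the constructed site, deface it, and report what the check sees."""
    key = os.urandom(32)  # stands in for the key held on the backup host
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, text in SAMPLE_SITE.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(text)
        signed = sign_manifest(build_manifest(root), key)

        simulate_defacement(root)

        baseline = verify_manifest(signed, key)
        changes = diff_manifests(baseline, build_manifest(root))

        # An intruder who regenerates a "clean" manifest from the defaced tree
        # cannot sign it without the off-host key, so verification fails.
        forged = sign_manifest(build_manifest(root), os.urandom(32))
        changes["forged_manifest_accepted"] = verify_manifest(forged, key) is not None
        return changes


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The check is only meaningful when both the manifest and the key live somewhere the compromised server cannot reach; the same rule applies to the backups themselves, which is why the post insists on off-site copies and a tested restore rather than anything installed on the site.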

slaes
Well said, so much passion and enthusiasm. It must be the start of the day in GR ;) lol

nicholas
Akeeba Staff
Manager
It's the first few sips of a very strong coffee and, yes, the start of the day here :D

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!