I am having troubles importing my SQL database, it’s too big!

This can happen as the HTTP post size is limited to a smaller number. The best way to restore your SQL database is by logging into your account using a SSH client. Be sure that you’ve already created your MySQL Database from inside of the control panel before continuing.

  1. Using a FTP client, upload your SQL file to your root directory /home/username/
  2. Start PuTTy or your favourite terminal client.
  3. Connect to your primary domain name with a port number of 22
  4. Enter your cPanel username and password when prompted
  5. Once logged into a console, run the following command: mysql -u your_mysql_user -p your_mysql_db < /home/username/sqlfile.sql **Ensure you replace the fields with your db username/database name and location of the sql file.**
  6. Enter in your mysql user’s password and press enter.

If you are still having troubles importing your database due to size, please open a ticket from inside yourAccount Manager and include details of the .sql filename and which database you would like imported to and one of our agents will complete this for you.

Global wordpress brute attack

As I type these words, there is an on-going and highly-distributed, global attack on WordPress installations across virtually every web host in existence.  This attack is well organized and again very, very distributed; we have seen over 90,000 IP addresses involved in this attack.

At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website.  These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including “special” characters (^%$#&@*).

You have now changed your WordPress password, correct?  Good.

The main force of this attack began last week, then slightly died off, before picking back up again yesterday morning.  No one knows when it will end.  The symptoms of this attack are a very slow backend on your WordPress site, or an inability to log in.  In some instances your site could even intermittently go down for short periods.

We are taking several steps to mitigate this attack throughout our server farm, but in the same breath it is true that in cases like this there is only so much that can actually be done.  The servers most likely to experience service interruptions will be VPS and Dedicated servers hosting high numbers of WordPress installations, due to the incredibly high load this attack has been seen to cause.

If you are hosted on a VPS or Dedicated server and you would like for us to take a more severe, heavy-handed approach to mitigate this attack, we can do this via means such as password-protecting (via .htaccess) all wp-login.php files on the server.  If you would like our assistance with this, please contact us via normal support channels.

Again, this is a global issue affecting all web hosts.  Any further information we could provide at this moment would be purely speculation.  Our hope is that this attack ends soon, but it is a reminder that we must all take account security very seriously.

We will update this blog post when we have further information.

———————–

For cloudflare User :

We’ve been monitoring a brute force attack against WordPress installations. Details about the attack are available at http://blog.cloudflare.com/patching-the-internet-fixing-the-wordpress-br.

We have rolled out protection against this attack in the CloudFlare Free plan. This attack is significant. We’ve seen more than 100,000 unique IP addresses participating in it.
While this attack is ongoing you should consider enabling CloudFlare Free or higher for any customer using WordPress.

cPanel servers compromised?

Salutations,

You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with “sudo” or “su” for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.

As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel’s security team is continuing to investigate the nature of this security issue.

–cPanel Security Team

Why I can’t access my web-site and cPanel?

More than that, you are not able to access cPanel and webmail. The links http://serverIP/cpanel and http://cpanel.domain.com are receiving the error ‘Server connection timed out’. What is happening? Most likely, your external IP address was blocked by Firewall. 

Firewall is a set of devices designed to protect networks from unauthorized access while permitting legitimate communications to pass. Due to security reasons, we have installed Firewall on our servers, too.

In case of 20 failed login attempts from your IP-address it gets temporary blocked for 10 minutes. If more failed logins are detected during this period IP gets blocked permanently. If servrer detects 15 falied login attempts from different IP-addresses this account will be temporary locked for 5 minutes.

So, if you find yourself not being able to connect to the website, cPanel and webmail from a certain computer, most likely you have triggered the Firewall rules. Please contact our Support and we will gladly unlock your IP. Your external IP-address can be found here 

What can be the reason of the IP being blocked and how to avoid it? 

*   Failed cPanel login

When you were not able to login to cPanel from the first time, please do not try to do it as many times as possible. Once you have used the incorrect login details 20 times in 300 seconds, the IP gets blocked. To avoid that, please check your login details in a Welcome Email Guide that was sent to the email account, associated with the hosting package. Otherwise, feel free to ask for the cPanel password reset via our Support .

Note: you can use Roboform and Lastpass web-browser addons to keep your login details safe and secure and not to have to type and remember them.

*   Failed POP3/IMAP or webmail login 

If you have issues logging into webmail, please reset the email address password in the cPanel account on the ‘Email accounts’ page.

ipbl3

If you are using an email client, make sure you update the login details there.

*   Failed FTP/SSH login 

Please make sure your FTP client is using correct login details and appropriate settings. Please make sure to use port 21 for FTP and 21098 for SFTP (SSH). Note that we enable SSH by users request. Therefore please contact us via Support requesting to enable SSH. The tips on how to connect via SSH

*   Failed web page login 

It occurs when there is an authentication form or a protected directory on the website. Please make sure to use correct login data.

*   PortScan activity 

Port scan is an attack that sends client requests to a range of server port addresses on a host, with the goal of finding an active port and exploiting a known vulnerability of that service. To avoid that, please make sure your cleints are set without permanent tries to scan server’s ports. Reduce timeout intervals on all FTP and mail clients in your network. If there are many users in your network, and all of them are accessing the Internet from external IP address, make sure they do not reconnect with FTP or mail clients frequently. Connection requests coming from one IP can trigger the firewall to block the IP. You can modify FileZilla’s max concurrent connections for every site you connect to the following way:
•   Start up the FTP program FileZilla, and then go to Edit and then Settings
•   Under the left sidebar menu on the Settings window, you should see a Transfers option. Click it.
•   Under Concurrent transfers, you have the label, “Maximum simultaneous transfers:”, then a text box with a numeric value in it. Make sure that number is 3 or less. It is recommended to keep this value at 1 if possible, because little difference is often seen and having multiple connections would slow down your uploads in the long run. If the value is more than 3, you risk being blocked.
•   Hit the button labeled, “OK” and then exit out of FileZilla and start it up again for the changes to go in effect.

ipbl6