The site I manage has already suffered one major and one minor breach so I'm looking closely at methods of improving security. We've been using FTP…
Everybody seems to agree that FTP must be replaced for the sake of security, and SFTP seems to be the replacement. But our shared-hosting plan provides only one SFTP account and our primary alternative vendor only one.
I imagine that this is just what one gets being unable to afford better than shared hosting. But also because SFTP is SSH-based and there's no need to have lots of different people mucking about sites via SSH.
Q1: Do any major hosting vendors provide multiple secure accounts in shared-hosting plans at competitive prices?
Q2: Is it correct that there's no sensible way to share one SFTP account among two or three people? In other words, is it inevitable that someone will end up using a totally insecure FTP connection?
Q3: What to do? Suggestions welcome!
Q4: Am I missing anything incredibly obvious?
No, we were never able to determine the cause of the breaches, despite a lot of effort. I located as many lists of precautions to take and holes to close and did my best. FTP is one major one I'm still trying to close.
Briefly: After the first breach, we updated to the latest version of the CMS we use (phpFusion) and moved the bulk of the site to subdomains. (There is a good reason, not relevant here, to do that.) That left in the base domain only a trivial greeting–switching html page containing static links to CMS instances in the subdomains. The second breach inserted a lot of hidden links in that file. As far as I can see there was basically nothing to hack in the base domain, so hijacked FTP seems like the most likely means of access. FTP passwords were reasonably robust, so brute force seems unlikely.
By the way, tech support was unresponsive to our incident reports, and the vendor doesn't provide an FTP access log, which could confirm or rule out that someone sniffed FTP credentials.
—
There are only two of us with site root access. We're co-workers on a public-interest site, so both highly motivated to secure the site. I'm concerned that my colleague isn't very technical and doesn't have a lot to spend to protect his PC, so he may have picked up a keylogger.
There are only two of us with site root access. We're co-workers on a public-interest site, so both highly motivated to secure the site. I'm concerned that my colleague isn't very technical and doesn't have a lot to spend to protect his PC, so he me have picked up a keylogger.
Best Answer
Has the root-causes of the breaches been determined first and was determined to be a result of compromised logons (which may or may not be an indication of a hijacked ftp session)? Replacing ftp with sftp is definitely more secure, but is it actually addressing your past breaches (to keep you from being a repeat victim of the same vulnerability - which should be the first priority)?