home
about us
faq
support
contact us
search
sitemap
webmail
login
24x7 Support
DOMAINS
WEB HOSTING
SERVERS
WEB DESIGN
ECOMMERCE
BUILD TRAFFIC
MAKE MONEY
ORDER NOW
Knowledge Base
We have developed our knowledge base for both customers and employees to reduce support response time and provide the most relevant, up to date answers to common questions and problems. Our internal support ticket system enables our staff to selectively include any reply to a question or support issue to our real time Knowledge Base.

The Knowledge Base is indexed by subject and can be searched by keywords and phrases with results being displayed in the order each message was sent by our staff. The most recent messages appear at the top of the search results, while older messages are ranked lower. We routinely edit and delete outdated messages to ensure that only the most current information is provided.
Guide to Common Questions Search the Knowledge Base
Login/Password Issues
Renewals
Database Issues
Addon Domains
Can You Increase My Disk Space?
Spam
Domains		 Email Settings
Manage Email Accounts
My Website Is Down
DNS
SSL Certificates
Auto Installer / PhpCart
Transfers

Login/Password Issues

  • How can I locate my domain account or hosting account passwords?
  • I forgot my username and password. How can I log in?
  • I changed my email address and lost my password. What do I do now?
  • A former worker managed my account. How do I gain access?
  • I changed my hosting account password, and now I am getting database errors. How do I fix this?
  • I changed my hosting account password, and now I can't log into my Secured.com folder. How can I log in?
  • How do I reset email passwords for my own email accounts or those associated with my addon domains?

Renewals

  • Why do I need to renew my domain if it's free with hosting?
  • Where do I go to renew my account?
  • I am in charge of renewing my company's account, but I don't have login access. How can I make a payment?
  • I need to renew my account, but I lost my username and/or password. What do I do now?
  • Why didn't I get the renewal email notification?
  • Why do I have to renew my domain account if it's free with hosting?
  • How long does it take for my account to become active after I make a renewal payment?
  • I renewed my domain, but it is not pointing to my hosting account. What do I need to do?
  • How do I locate the DNS settings for the primary domain (or addon domains) in my hosting account?

Database Issues

  • My website is showing a database error related to sessions and says I should repair the table. How do I do this?
  • I changed my hosting account password, and now I am getting database errors. How do I fix this?
  • How do I add a new database to my account?
  • How do I log in and out of my different databases?

Addon Domains

  • What steps do I need to take to add a new domain to my account?
  • What are the DNS settings for my addon domains?
  • How do I know which forwarding type to use for my addon domains?
  • How do I set up a subdomain for an addon domain?
  • Where do I go to create and manage email accounts for my addon domains?
  • How do I reset email passwords for my own email accounts or those associated with my addon domains?

Unlimited Disk Space and Storage

  • Is the disk space really unlimited?
  • How can I get my disk space increased?

Spam

  • What are the best spam filter settings I can use?
  • Banned words are still getting through my spam filter. How can I stop this?
  • My customers are getting a bounce email when trying to email me or someone in my company. How can I stop this?
  • How do I reset email passwords for my own email accounts or those associated with my addon domains?

Email Settings

  • What are the email settings for my email client (Outlook)?
  • How can I modify the outgoing servers for my 4Admin Webmail?
  • What are the settings I need to get email on my iPhone?
  • How can I successfully forward my email to Gmail and Hotmail?
  • I can receive email, but I cannot send out. How can I resolve this?
  • My email is being blacklisted from Gmail, Yahoo, Comcast, etc. What can I do?
  • How do I reset email passwords for my own email accounts or those associated with my addon domains?

Manage Email Accounts

  • Where do I go to create and manage email accounts for my primary account?
  • How do I reset email passwords for my own email accounts or those associated with my addon domains?
  • Where do I go to create and manage email accounts for my addon domains?
  • My customers are getting a bounce email when trying to email me or someone in my company. How can I stop this?
  • I am hosting my email on an exchange server. How should I modify my DNS settings?
  • I am hosting my email at another location. What settings should I change?

My Website Is Down

  • My website is down. What should I do?
  • My website is up for some people, but down for other people. How can I troubleshoot this?
  • Some of the images on my website are not displaying. How do I troubleshoot this?
  • My SSL certificate has been installed and is displaying a warning that indicates everything is not secure. What is the issue?

DNS

  • Where should I go to change my domain DNS settings to point to my hosting server?
  • What are the DNS settings for my addon domains?
  • My website is up for some people, but down for other people. How can I troubleshoot this?

SSL Certificates

  • Where do I go install my certificate?
  • My certificate installed successfully, but it's not working. What do I do?
  • How long does it take to order and install my SSL Certificate?
  • My SSL certificate has been installed and is displaying a warning that indicates everything is not secure. What is the issue?

Auto Installer / PhpCart

  • Wordpress Common Issues
  • Joomla - I am getting the error "restricted access"

Domains

  • How do I locate the DNS settings for the primary domain (or addon domains) in my hosting account?
  • Where do I go to renew my domain?
  • Why do I need to renew my domain if it's free with hosting?
  • What can I do to make sure that my domain doesn't expire?
  • My domain expired recently. Is it still mine and, if so can I renew it?
  • My domain expired a month ago and the whois indicates that it's in the redepmtion period. What are my options?
  • How do I transfer my domain and hosting account TO Webmasters.com?

Transfers

  • How do I transfer my domain and hosting account TO Webmasters.com?
  • How can I transfer my domain to another owner or domain account WITHIN Webmasters.com?
  • What steps do I need to take to transfer my domain to another domain registrar?
  • How do I locate the DNS settings for the primary domain (or addon domains) in my hosting account?
PRINT

Subject: Wordpress and Joomla Brute Force Attacks

The following message was sent by our staff regarding the above subject:

Update 08/18/15
For a 2-Step protection method, use the [Secure Directories] tool inside your Hosting Control Panel to create a username/password login for your Wordpress or Joomla installation so that it has an additional layer which must be logged into to make administrative changes.

Update 10/6/14
While the majority of major attacks have long since subsided, it still rears its ugly head from time to time. We've again updated the block code as the new attack favors xmlrpc.php over wp-login.php.

The new code looks like this:

<FilesMatch "^(wp-login|xmlrpc)\.php$">
Order Allow,Deny
#(replace with YOUR IP)
Allow from 123.123.123.123

#(additional lines can be added for multiple IP access (remove the '#'))
#(leave off the last number to allow an IP range for alternating IPs)
#Allow from 123.123.123.121
#Allow from 123.123.123.
#Deny from all
</FilesMatch>


Update 11/7/13
Wordpress has published their own advice, plugins, methods, tools and otherwise to help with this problem.
Please feel free to try these methods as well:
http://codex.wordpress.org/Brute_Force_Attacks

Update 7/25/13
The majority of attacks have subsided over the last month and many have been deterred by your efforts to lock down your sites. We still *STRONGLY* recommend you follow all the steps outlined below.

Update 6/28/13
It has been confirmed that clients utilizing the [Custom Error Pages] tool should disable the redirect for the '403 - Forbidden' block as this is absolutely a subversion of the .htaccess code. Even if the attack is diverted by IP restrictions, it will cause the redirected page to load repeatedly as the attack continually hammers the server until it overloads and crashes.

Update 6/17/13
The attacks have slowed, but unfortunately still continue. We continue to update our firewall as we go.

Update 6/10/13
The good news is the majority of these attacks have either subsided or are being blocked by your updated security, and or our network-wide firewall. We will continue to monitor, update and block attacks as best as possible. Please let us know if you have any questions!

Update 6/9/13
We have recently learned that if you block access to wp-login.php or /administrator/index.php as suggested below but are also using the [Custom Error Pages] tool that it may subvert the IP locking process and if your site is involved in a crash, it may be removed by support. This mostly applies to Forbidden requests, or others that redirect to another page as this causes the attacker to repeatedly load that page instead of being stopped.

This can be verified by removing your IP (that you added) and trying to access the target file. If you're blocked, then you are safe. If not, then your redirect is interfering and should be removed.

Update 6/8/13
We have blocked many of the IPs involved in the attacks and will continue to monitor and update the situation. Please update your files as described below.

6/7/13
There has been a rash of Wordpress and Joomla brute-force login attacks hitting our networks and across the internet which have been causing server down time and other issues. We are actively trying to block these attacks, but prevention on our client end will help to solve and even prevent the problem as well as protect your sites from these malicious hackers.

Please read the following information on how to secure your login files so that only your specific IP or IPs will have access as this will also stop heavy server loads from repeated hammering.

If you have questions, please contact support@webmasters.com

---

Has your site been targeted by a specific IP or various IP's? Notice they are targeting a specific file? For the most part the targets are usually credential related like login pages and can be avoided.

Excessive requests to one specific file can cause a server overload and now your site is offline indefinitely due to server reboot and potentially administrative action to stabilize the server.

We suggest adding these lines to your existing .htaccess file or creating an .htaccess file. In this example we are using the file associated with WordPress and it's login page. This file can be modified for any file that may be at risk of being targeted.

Please use this code for Wordpress in your /wordpressdirectory/.htaccess file:

ex:
/httpdocs/ (root directory installations)
/wordpress/

<FilesMatch "^(wp-login|xmlrpc)\.php$">
Order Allow,Deny
Allow from 123.123.123.123 #(replace with YOUR IP)
#Allow from 123.123.123.121 #additional lines can be added from multiple IP access
#Deny from all
</FilesMatch>

Please use this code for Joomla in your /joomla-directory/administrator/.htaccess file:

ex:
/joomla/administrator
/httpdocs/administrator (root directory installations)

<FilesMatch index.php>
Order Allow,Deny
Allow from 123.123.123.123 #(replace with YOUR IP)
#Allow from 123.123.123.121 #additional lines can be added from multiple IP access
#Deny from all
</FilesMatch>

This should protect this file and only allow specified IP(s) access. This code can also be duplicated and modified to protect other files on your account.

Please feel free to contact us again if you have any other questions or issues. Thank you for contacting us.

Best regards,

WEBMASTERS.COM
Support Team
Search Term:
  SEARCH
PHP 7 is here! Upgrade now, for free!

Home | About Us | FAQ | Contact Us | Support | Customers | Login | Terms | Privacy | Whois | Search | Site Map
© Copyright Webmasters.com. All Rights Reserved
 Traffic Partners:  Website Templates :: Free Videos :: More Traffic Partners >>
 We Want to earn your business! Please help us improve by completing our anonymous Visitor Survey.
Domaining.com recommends this domain name registrar   Icann Accredited Registrar