Do you know when unauthorised users log in to access your server? Do you disable email alerts from your web hosting server just because the repeated emails keep cluttering your inbox? While most managed hosting providers offer to disable server e-mails, these automated alerts from your server are very important for server security and for keeping your web hosting account and website safe from hackers.
Instant Login Access Alert
Whenever anyone logs in to our server, via WHM or cPanel, an instant e-mail alert is sent out with login details such as the exact time, IP address, and authentication method of the user. For example, these are e-mails we instantly receive when our tech support guy enters the root password to gain access to our server to sort out some technical hosting issues. [Side tip: it also helps to know exactly when tech support logs in to act on your support ticket.]
This is very useful as it allows you to keep a constant check on who logged in to your server. If you use a BlackBerry phone, or any modern smartphone for that matter, and have configured instant e-mail alerts on it, then you will be able to spot unauthorised login access immediately and take active measures by contacting your web hosting service quickly.
On VPS hosting accounts, since you have root access, the Webmaster is usually the one who logs on, and your hosting provider may log in to provide technical support. Any other access would be suspicious and unauthorised!
You would be surprised to know how many unauthorised login attempts and FTP access attempts are made daily on your server. We use ConfigServer Security & Firewall (csf) and Login Failure Daemon (lfd) to secure our server, and we keep getting multiple blocked IP reports every hour. [Of course, if your settings are not right, you could be choking site traffic.]
Since these alerts are so numerous every day, most Webmasters would like to turn them off because they clutter the inbox and sometimes induce anxiety when we don’t understand all the technical details mentioned in the e-mail, only for technical support to tell us that it is routine and of no consequence.
In most shared hosting server environments, you would hardly get such e-mails, mostly because you don’t have root access, and the shared hosting service provider turns off alerts to your e-mail because they do not want you to panic over every routine login, upgrade, or process running on your server. Moreover, in shared hosting, it is the responsibility of the web hosting provider to manage your server security, so your site is much safer compared to those on unmanaged VPS hosting or dedicated servers, where you need to be more cautious and up to date about server security.
Keeping these alerts on was the primary reason we could detect when our site was hacked, as we got e-mail alerts that a root login was done by someone whose IP did not match ours or our hosting provider's (it’s a good idea to remember the IP address from which your tech support logs on). If these alerts had been turned off just to save time and e-mail clutter (believe me, I wanted to turn them off many times!), we would NEVER have known that unauthorised root access to our site had occurred and that some hacker had compromised server security to do malicious damage.
What changes the hacker made could not be detected, but at least the e-mail alert let us know that server security was compromised, and Knownhost, our managed VPS hosting provider, could roll back all files to a previous backup. It is also one of the reasons we maintain a separate WordPress site backup using Vaultpress.
So keep those server login e-mails coming, even if your hosting provider offers to disable these e-mails. A few timely e-mails will go a long way to protect your website.
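The check that caught our intrusion, comparing the source IP of each root login against the addresses you and your hosting provider normally use, can be automated so that only unexpected logins need your attention. The following is an added example, not part of the original post and not csf/lfd code; it assumes root logins arrive over SSH and are recorded in the standard OpenSSH log format, and the trusted addresses, hostname and log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: networks you expect root logins from. These are documentation
# ranges, constructed for the example; replace them with your own.
TRUSTED_NETWORKS = [
    ipaddress.ip_network("198.51.100.24/32"),  # webmaster's static IP
    ipaddress.ip_network("203.0.113.0/28"),    # hosting provider support range
]

# OpenSSH records a successful login as:
#   "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<when>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def unexpected_root_logins(lines, trusted=TRUSTED_NETWORKS):
    """Return successful root logins whose source IP is outside `trusted`."""
    findings = []
    for line in lines:
        m = ACCEPTED.match(line)
        if not m or m["user"] != "root":
            continue  # failed attempts and non-root users are not reported here
        try:
            known = any(ipaddress.ip_address(m["ip"]) in net for net in trusted)
        except ValueError:
            known = False  # unparseable source: report it rather than hide it
        if not known:
            findings.append({"when": m["when"], "ip": m["ip"], "method": m["method"]})
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
Mar  3 09:14:02 vps1 sshd[2211]: Accepted password for root from 198.51.100.24 port 50122 ssh2
Mar  3 11:40:57 vps1 sshd[2390]: Failed password for root from 192.0.2.77 port 41010 ssh2
Mar  3 13:05:31 vps1 sshd[2544]: Accepted publickey for root from 203.0.113.9 port 60211 ssh2
Mar  4 02:47:19 vps1 sshd[3102]: Accepted password for root from 192.0.2.77 port 41877 ssh2
Mar  4 08:00:00 vps1 sshd[3300]: Accepted password for deploy from 192.0.2.200 port 40000 ssh2
""".splitlines()

if __name__ == "__main__":
    for hit in unexpected_root_logins(SAMPLE_LOG):
        print(f"ALERT: root login via {hit['method']} from {hit['ip']} at {hit['when']}")
```

Filtering this way keeps the routine logins out of your inbox without switching the alerts off altogether.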