Cloudways is looking like a scam site

Its everywhere, you can use plesk and maybe linode/vultr as they have more quality machine than DO. i have heard of closte. com as well but its PAY AS YOU GO on Google clouds.

If Cloudways is not going to try and keep us safe from bots and hackers, I don’t see the purpose of hosting on Cloudways.

Cloudways says that they do have these things in place. Take a look at this…

That’s almost 67,000 attempts to log in to wp-admin in 24 hours! If Cloudways has any controls in place to help stop this, the hackers haven’t noticed.

This is just before I renamed the login page, turned off xmlrpc and loaded WordFence and enabled banning IP addresses that fail to enter the right login credentials 5 times in 15 minutes. Now the most hits from an outside IP is only 21 on that application.

2 Likes

I meant wp-login.php - but I cannot even edit my posts here without an error from Cloudways…

@garth @ljhubbardjr wait what? debian 4 in 2020? you got to be kidding me. How did you check so i can confirm mine

That is a lot of request

I made a mistake. The debian version of my server is actually 9.11. This is how you check it for yourself… You can ssh into your server using the instructions here --> https://support.cloudways.com/how-to-launch-an-ssh-terminal-from-the-console/

When you get logged in, look at the top of the login box and you should see something like this…

Since my contact with Cloudways support tonight, and their rebooting the server, the CPU% has reset to normal levels.

Were you not able to restart he server yourself? Didn’t you do this to start with?

If you are going to host any WP sites, and you wish to actually secure your sites properly, hiding the login page and blocking IP addresses is pointless.

Cloudways is providing server-level security through mod_sec provisioning - but it is up to you to setup on-site security (whereas providers of WordPress managed hosting like WP engine provide you with their own plugin to do on-site security).

We also provide WP managed services for our clients (and have done for years), but we do security better on-site by using Bulletproof Security Pro as a key part of the puzzle. It’s got a cludgy interface, but it is easy enough for beginners to setup if they just follow the instructions and leave the settings as standard - this identifies all of the potential exploits and auto-blocks before they even reach WP software (so light on CPU). We run very large sites which are protected by this and other tools/setups.

And of course we enforce very strong admin usernames & passwords on all of our hosted sites and keep software up-to-date at all times using our centralised tools.

If you or your friends need secure and very fast WordPress hosting you can email me on garth@bbmedia.com.au

I did not see any way to restart the server and I didn’t want to disturb whatever was causing the issue only to have it reappear later. I thought that the restart fixed the issue, but this morning the CPU was stuck at 100% again - so the issue was ongoing.

I thought (because their site says so) that Cloudways basically hosted servers with protection from bots and hackers but that was about all. Evidently their bot and hacker protection is non-existent and their ability to fix this issue is coming into question as well.

Cloudways told me that one of my sites had been compromised and (surprise) suggested that I buy Sucuri’s security services at a “discounted price”.

So I went to Sucuri’s online malware scanner and scanned the site. It came up clean of malware or anything else that looked bad…

(Cloudways blocks new users from posting more than one image per post so I can’t show you that screenshot here)

And I didn’t stop there… I loaded the Sucuri security plugin and scanned the site. It said that some core WordPress files had been modified. Files like - “wp-admin/images/media-button-video.gif”. Now this site had been up for about 2 years without being changed hardly at all.

Being the curious guy that I am, I started a completely new WordPress application and loaded the same Sucuri security plugin as on the old site (directly from the new plugin screen in the WordPress dashboard) and nothing else. Then I ran Sucuri on the brand new site, and guess what? It said the same exact thing “Core WordPress Files Were Modified” ON A BRAND NEW SITE WITH NOTHING BUT SUCURI’S SECURITY PLUGIN INSTALLED. So what good is that?

Either the plugin is crap or virgin WordPress applications on Cloudways is being installed infected.

All of this still points to one thing for me (bear in mind that I am NOT a WordPress security guy) that Cloudawys appears to be a scam, or at least is (1) not fulfilling their promise of having bot and hacker protections for Cloudways users and (2) constantly recommends upgrading servers which should not need upgrading and recommends buying more services (“at discounted pricing”) to fix what should never have happened in the first place if they were actually watching for hackers and bots.

“my mother was diagnosed with cancer less than 2 weeks ago”
Sounds like things are not going well for you at the moment- sorry to hear.

Call Cloudways what you will, but they (nor the cloud hosting companies on whose servers they are deplying for you) can’t guarantee the security of the apps that are put on their servers. That is either achieved by paying extra for managed hosting (as you have with WP Engine), or it is the domain of the web developer to manage it.

All the above shows is that the version that Sucuri is referencing is slightly different to the version Cloudways is installing. No uncommon for scanners that compare versions - just check and compare the highlighted files to ensure that the files are OK.

As mentioned, I use Sucuri and Wordfence to scan sites but I don’t use their security tools to actually secure my sites for good reason. I’ve posted what I use… well, a part of what I use, but there’s a bunch of other things involved in locking down a Wordpress server & website as well, before we even get to installing security software, and then there’s appropriate spam protection on top of that, and ongoing management and monitoring.

It is true that Cloudways IPs tends to draw more than it’s fair share of attention from hackers. At least it did for us when using Vultr server. I noticed an increase in exploits when using Cloudways, even though we run our sites through Cloudflare web proxy (so thst indicates they are specifically attacking the IPs used by Cloudways on the cloud hosting providers) not our domains in particular. Another reason why we no longer use Cloudways for all of our client websites.

But bottomline, almost certainly it sounds like your website is compromised and needs to be cleaned and secured properly. You could go out and get this cleaned up by someone but unless it is properly secured it is likely it will re-occur.

Jim, I’m happy to help, either for a fee or if we provide ongoing hosting for these sites. For immediate resolution of this you could port the sites across to our Cloudways server and we can then handle it from there. If you provide me with a way to contact you I can discuss it further.

Most of the providers like Cloudways, modify wp-admin files to automate tasks they do during the installation. Have you tried the “Clean Wordpress Install” instead? But even that, might have automated tasks injected in core files.

This is serious… And i recently deposited some funds into my account.

?? what’s serious? that you realised that you are now ultimately responsible for securing the apps that you are running on your Cloudways hosted server?

That even after all the security tips my CPU still over loads am just worried for adding more funds

Have you not read the comments in this thread? You either have a malfunctioning script on your site or incorrect setup, or if you now have a perpetually overloaded CPU and this is a recent issue you probably have a compromised site. Cloudways just helps you manage your servers and provides the basic setup and server security. It’s up to you to have a properly performing website, with appropriate security,

alright i have you heard you thanks, so are you still hosting with cloudways?

As mentioned above, I have only one server left at Cloudways which runs one site (a high traffic mission critical site). It’s being redeveloped on a new platform and will be leaving CW next month.

Before Cloudways we used a large local datacentre who provided professional server systems. We wanted more control, particularly over the caching and security settings so we tried Cloudways. Ultimately we needed more control than what Cloudways provided too, and we also had issues with Varnish and the operation of some of our custom devs. But for the average WordPress, Joomla etc. site CW is fine and pretty good value if you’ve got multiple and/or high traffic sites want someone to setup and manage the server and hold your hand.

I had multiple servers hosted here at Cloudways, hosted on Vultr servers, with quite a few accounts and they ran fine. While I had issues with the support when I first started (you can view my posts in the major support thread on this forum where a lot of us have had issues), the support has definitely got better in the last 6 months.

Cloudways is a good way to use the large cloudhosting providers without having to become a sysadm and navigate their system to setup your own servers. They take all of the heavy lifting out of it, offer basic support and frankly the cost is decent for the power that you get. So for those with any sysadmin experience, or a desire to learn, CW is a good balance.

But if you’re a consumer-level hoster, then you should use a managed service like Kinsta, WP Engine, etc. We actually do the same thing as these places for our own hosting clients (have been developing websites and hosting our clients for longer than WordPress has been around), hence my offer if you or anyone wants managed hosting. We provide personalised service at similar or better prices, particularly if you have multiple accounts.

Our managed hosting takes care of all aspects of the site setup and servers, s/w maintenance, advanced security, and we even conduct speed optimisation on the sites as well as a starter SEO (not just smushing oversized images like a lot of places but actually optimising the images and the overall site for speed).

Cloudways is not managed WordPress hosting - they do “manage” the entire server aspect for you but not WordPress or the website/application end of the deal. They provide server setup and a bunch of (quite good) management tools, migration, cloning/staging, server backups, and they also provide pretty easy to read docs and emergency/troubleshooting support. You won’t find too many places that offer a similar setup with so much, right out of the box, for so little.

We actually moved the rest of our sites to AWS because we do a lot of highly customised web dev and wanted to have more direct control over the servers, without running our own boxes. Also we wanted access to the automation tools and scalability that only the big players (ie. AWS and Google have). You can get access to their servers through Cloudways but to use their systems in an integrated way requires a direct account and ultimately we need their support using their more advanced systems.

1 Like

ami tomay valobasi ki hobe eto kichu vebe aso dina jay to beche thaki vabllase geche

WOW. I cant believe what I am reading in this thread. Its downright scary. Why are they trying to get into those sites? I thought only porn sites got hit like that. What in the world do they want by hacking into those sites?? I just don’t understand their profit motive. Are they looking for credit card data or something?

People are often surprised by this. There are a lot of reasons why hackers hack.

  • To improve their clients SEO by filling your site with links. The client and or reseller usually do not realize they are paying a hacker.
  • To send spam emails from a server that hasn’t been blacklisted by email providers.
  • To make money by replacing or adding advertisements to your site.
  • To use your website’s resources to help them hack into other sites.
  • To use your website’s resources for cryptocurrency mining.
  • To steal credit card info and credentials.
  • To use your website as a place to store downloads containing viruses.

25% of web traffic is actually from malicious bots scouring the web for websites they can hack. Bots are not selective in who they target, you could be some super awesome local charity, and if you’re ignoring security, in due time you will likely get hacked.

1 Like