Site Hacked, What Do I Do
Our data center's technical support staff regularly watches for security bulletins regarding our servers' software. Our kernels are kept up to date, non-standard ports are closed off in our aggressive firewall, and server software is kept at the latest stable, secure version.
How was I hacked?
If your account has been hacked, the first question you should ask yourself is "How was I hacked?"
There are a number of possibilities as to how a hacker gained access to your account.
 They obtained your login details.
 Through a vulnerability in an outdated/insecure script. (This is the most common.)
Serve-Hosting does not monitor the content you put on your website. You are free to host a wide range of scripts from shopping carts to image galleries. Similar to our precautions server side, it is a good idea to ensure that the software or scripts you use are kept up to date within your user space. This includes any modules, plugins, themes, addons, and so on that you may have installed.
The latest version of a script can also be vulnerable to hackers. You will want to contact any script developers to ensure the latest version of their script is secure and, if it is not, what needs to be done to make it secure.
 They uploaded malicious file(s) using an upload script available in your account.
Now that I've been hacked, what should I do?
The next question you should ask yourself is "Now that I've been hacked, what should I do?"
This is a question that is best answered by your webmaster. Serve-Hosting will be able to assist you by restoring a backup of your site from before it was hacked, but we do not provide any web development services and thus will not be able to assist you in manually removing the hacked content. This is the responsibility of your webmaster. If you do not have a webmaster who can assist you with recovering your site from being hacked and you're not comfortable recovering your site yourself, we suggest hiring a professional.
Here is what Serve-Hosting suggests for your webmaster to do:
Backup your account
Download the backup to your local machine. You will want to ensure you have your backup saved somewhere other than your account on the server before proceeding with the next step.
Reset all of your passwords
This includes your cPanel (control panel), FTP users, database users, script admin users, and email addresses.
Delete all cron jobs
Remove your current content
We do not recommend that you do this yourself. Instead, contact our support department and request that your hosting package be reset back to default to ensure that all the unwanted content is removed.
Re-install your site's scripts
Re-install the latest version of any scripts you still need. This includes any plugins, modules, addons, themes, and so on.
We suggest installing your script(s) using Fantastico, which is available in your cPanel. Fantastico can send you notifications when new versions of the script(s) you have installed are available, and installing scripts through Fantastico is a lot easier than manually installing them.
Check your databases to see if they were hacked
Hacked databases are not common, but they do happen. If the database is hacked, it will need to be cleaned before you use it again.
Reconnect your scripts
Re-configure the newly installed script(s) to connect to the appropriate database. You will want to proceed with this step once you have confirmed that your database(s) are clean. There are circumstances where your database(s) may need to be converted to work with the latest version of the script you installed. Most of the time, all that needs to be done is to modify the script's configuration file to use the database's connection details.
Upload clean files
Upload any needed clean files from the backup you generated.
How can I prevent my account from being hacked?
This is a question that is also best answered by your webmaster or the script developers of the script(s) you have installed within your account. Here are some suggestions Serve-Hosting has.
Keep scripts updated
Keep all scripts installed within your account updated to the latest version available.
Developers of web-based scripts release new updates to their software periodically. These updates often contain feature upgrades, but more importantly contain security updates as well. By keeping your scripts up to date, you ensure that the latest security holes are patched and only the content you post is displayed on your website.
If you have installed any scripts through Fantastico within your cPanel, you can have a notification emailed to you once a new version is available for any of the scripts you have installed.
Use secure passwords
Only use secure passwords. A secure password consists of letters, lowercase and uppercase, and numbers composed in a random pattern. At the very least, you want to ensure your passwords do not occur in a dictionary. It is not uncommon for hackers to attempt what is called a "Dictionary Attack". In such an attack, all of the words contained within a dictionary are guessed as a possible password. If your password occurs in the dictionary, such a brute-force guessing attack will succeed and allow unauthorized visitors access to privileged information. Here are a few examples:
Bad Passwords: password sailboat admin yellow
Good Passwords (but don't use these exactly): hal2kejslIs9 122l0745Js Plwn24sueh37
Your passwords should be 8-15 characters in length and, if you cannot remember them, should be written down in a location only you are aware of. Do not share passwords with untrusted individuals.
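The rules above can be checked mechanically. The following shell functions are an added example, not part of the original article or of any Serve-Hosting tool. They test a candidate against the stated length and character rules and against a word list, and go slightly beyond the text by also rejecting a dictionary word with digits attached. The names check_password, generate_password and WORDLIST are assumptions.

```sh
#!/bin/sh
# Added example: password rules from the article (8-15 characters, upper and
# lower case letters, digits, not a dictionary word).
LC_ALL=C; export LC_ALL   # make [a-z] / [A-Z] mean ASCII ranges

# Constructed sample list (the article's "bad" examples). Set WORDLIST to a
# real dictionary file, one word per line, for a meaningful check.
SAMPLE_WORDS='password
sailboat
admin
yellow'

# check_password CANDIDATE: returns 0 if acceptable, else prints why, returns 1.
check_password() {
    pw=$1
    # Strip digits and fold case so "Password1" is still caught as "password".
    base=$(printf '%s' "$pw" | tr -d '0-9' | tr 'A-Z' 'a-z')
    if [ -n "${WORDLIST:-}" ] && [ -r "$WORDLIST" ]; then
        words=$(tr 'A-Z' 'a-z' < "$WORDLIST")
    else
        words=$SAMPLE_WORDS
    fi
    if [ -n "$base" ] &&
       printf '%s\n' "$words" | grep -xF -e "$base" >/dev/null; then
        echo "dictionary word"; return 1
    fi
    if [ "${#pw}" -lt 8 ] || [ "${#pw}" -gt 15 ]; then
        echo "length must be 8-15 characters"; return 1
    fi
    case $pw in *[a-z]*) ;; *) echo "needs a lowercase letter"; return 1 ;; esac
    case $pw in *[A-Z]*) ;; *) echo "needs an uppercase letter"; return 1 ;; esac
    case $pw in *[0-9]*) ;; *) echo "needs a digit"; return 1 ;; esac
    return 0
}

# generate_password: prints a random 12-character password that passes the check.
generate_password() {
    while :; do
        cand=$(head -c 256 /dev/urandom | tr -dc 'A-Za-z0-9' | cut -c1-12)
        if check_password "$cand" >/dev/null; then
            printf '%s\n' "$cand"; return 0
        fi
    done
}
```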
Remove script install files
Remove any script install files from your account. Scripts usually let you know, after installation is complete, what files should be removed from your account. If you're not sure what can and cannot be removed, you will want to contact the script developers for assistance.
Password protect admin folders
Password protect the directory where any script's admin panels are located.
This is just added security to ensure only the individuals you want to have access to your script's admin panel have access. If you have access to cPanel, you can password protect a directory through your cPanel. You can view our knowledgebase article on how to Password Protect a Directory.
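For accounts managed by hand rather than through cPanel, the same protection can be written as Apache Basic authentication. The function below is an added example, not taken from the original article or from cPanel. It assumes an Apache server that honours .htaccess authentication directives, and the name protect_dir and all paths are hypothetical. It refuses to reference a password file that sits inside the web root, where visitors could download it.

```sh
#!/bin/sh
# protect_dir DOCROOT ADMIN_DIR HTPASSWD_FILE
# Appends a Basic-auth block to ADMIN_DIR/.htaccess (Apache with
# AllowOverride AuthConfig assumed). All paths are supplied by the caller.
protect_dir() {
    docroot=$(cd "$1" && pwd -P) || return 1
    admin_dir=$(cd "$2" && pwd -P) || return 1
    pw_dir=$(cd "$(dirname "$3")" && pwd -P) || return 1
    pw_file=$pw_dir/$(basename "$3")

    # The admin panel must live under the web root...
    case $admin_dir/ in
        "$docroot"/*) ;;
        *) echo "admin directory is not under the web root" >&2; return 1 ;;
    esac
    # ...but the password file must not, or its hashes could be downloaded.
    case $pw_dir/ in
        "$docroot"/*) echo "keep the password file outside the web root" >&2
                      return 1 ;;
    esac

    htaccess=$admin_dir/.htaccess
    # Keep any rules the script already ships; never add the block twice.
    if [ -f "$htaccess" ] && grep '^AuthUserFile' "$htaccess" >/dev/null; then
        return 0
    fi
    # The leading blank line ends a last line that lacks a newline.
    cat >> "$htaccess" <<EOF

AuthType Basic
AuthName "Restricted admin area"
AuthUserFile "$pw_file"
Require valid-user
EOF
}
```

The password file itself is created separately, for example with Apache's htpasswd utility. Basic authentication sends the password with every request, so serve the admin panel over HTTPS.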
Secure Upload scripts
Make sure any upload scripts installed within your account are locked down so that only the individuals you want to be able to use them are able to do so.
Doing this could be something as simple as password protecting the directory where the upload script is located. It depends on how the upload script is installed. If you're not sure how to lock down your upload script(s), you will want to contact the script developers for more details on how to do so.
Unique MySQL users
Use a username and password to connect to a database that are only used to connect to that database.
What this means is do not use a username and password that are used to connect to other things related to your account. For example, scripts can be configured to connect to a database using the account's cPanel username and password. This is insecure because the database connection details specified within a script's configuration file are usually stored within a flat text file which can be read. If a hacker is able to read your script's configuration file, using a username and password that are only able to connect to the database specified within the configuration file will ensure the hacker does not gain access to anything else.
Install any available security plugins that are recommended for your script(s).
If you're not sure of any, you could search for recommendations to see what other users of your script(s) recommend or you can contact the script developers directly and ask what they recommend.
Separate Addon Domains
Do not host multiple sites that have scripts installed within them under one user.
It is best to keep sites that have scripts installed within them separated into their own user spaces. The reason is that if one of the sites gets hacked, the hacker will most likely have access to all of the other sites being hosted under that user. By separating the sites into their own users, you are limiting the damage the hacker can do.
As the saying goes, an ounce of prevention is worth a pound of cure. Recovering from a hack can be time consuming, not to mention detrimental to your site's image. By following the preventative measures above, you can spare yourself the hassle of restoring your site and removing unwanted material.