The following section will show you how to improve security on your hosting account.
Backups are one of the best ways to recover from a hacked account. WestHost creates backups every 6 hours. Backups should be available for at least the past 3-5 days. If your account has been recently hacked, you may be able to restore your site files with a backup from your cPanel >> R1Soft tool.
Backups are not guaranteed, so we recommend that you keep a local copy of the latest clean files for your website -- you should also download and maintain copies of your database files.
If your account was hacked before the oldest available WestHost backup was taken, then the R1Soft or Site Manager backups will not retain clean versions of the content -- they will only have the cracked files.
You can create a manual cPanel backup through the cPanel >> Backups tool, which you can use later to restore through the same tool. If you need a copy of your database from backup, please do so from phpMyAdmin. If you need a database backup restored, that is done manually and you will need to submit a support request through https://cp.westhost.com/ >> Support.
Remember that whether or not you are able to restore your site from a backup, you will want to continue reading and follow the steps in this article below. If your account was hacked, there IS an issue or vulnerability IN YOUR ACCOUNT that you will need to fix.
We HIGHLY recommend that you maintain incremental backups of your account, stored off-server. You can create backups in cPanel >> Backups.
Below are steps that you can take to restore your account security and prevent possible future compromise. You will want to read this section very carefully and follow its directions.
The most common way we see hosting accounts compromised is through vulnerabilities in user scripts, especially popular scripts such as WordPress, Joomla, or any major PHP shopping cart or content management system.
First, ensure that all scripts you have installed are running the latest version. Popular scripts are especially notorious for being hacked. Since so many sites use them, they are constantly being searched for vulnerabilities by hackers.
If you cannot access the Admin or Backend for your script, or the update is not working, you can visit the website for your script to find more detailed support documentation for things like hacked installs and manual updates. I have included some links at the end of this document specific to hacked popular script installs that you may find useful.
The second most common method for a hack is the use of malicious files on the computers that have account access. Many types of virus/malware/adware will look for hosting accounts and passwords to send to attackers.
After a full virus scan, WestHost highly recommends running the free version of Malwarebytes Anti-Malware [you can download Malwarebytes from http://www.malwarebytes.org/]. This is a great application for cleaning malware and adware.
Third, be sure to check EVERY FILE that you are hosting! If the attacker has left a vulnerable file on your account, they can likely use it to gain access to your account again in the future.
Look for files that do not belong, or that you did not upload. Download and view the source code for all your files to check for suspicious or hacked script injections. Some hacks will insert malicious code at the very top or bottom of your legitimate files. This is why checking your files -- every single one -- is critical!
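One way to run this check when you have kept a clean local copy as recommended earlier (an added example, not WestHost's own tooling): the script hashes every file in both trees and lists what was added, changed or removed in the hosted copy. It assumes GNU find and sha256sum and file names without tabs or newlines; the function names and the sample trees built in demo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: diff a downloaded copy of the hosted files against a known-clean copy.

# Print "path<TAB>sha256" for every regular file under directory $1.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) |
        awk '{ h = $1; sub(/^[^ ]+ [ *]/, ""); print $0 "\t" h }'
}

# Report files ADDED, MODIFIED or MISSING in $2 (hosted) relative to $1 (clean).
compare_trees() {
    tmp=$(mktemp -d) || return 1
    manifest "$1" > "$tmp/clean"
    manifest "$2" > "$tmp/hosted"
    awk -F'\t' '
        FILENAME == ARGV[1] { want[$1] = $2; next }      # clean manifest
        !($1 in want)       { print "ADDED\t" $1; next } # file you did not upload
        { seen[$1] = 1 }
        want[$1] != $2      { print "MODIFIED\t" $1 }    # content differs
        END { for (p in want) if (!(p in seen)) print "MISSING\t" p }
    ' "$tmp/clean" "$tmp/hosted" | LC_ALL=C sort
    rm -rf "$tmp"
}

# Constructed sample trees: one altered file, one unknown file, one deleted file.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/clean/img" "$d/hosted/img"
    printf '<?php echo "home"; ?>\n' > "$d/clean/index.php"
    printf 'body{}\n'                > "$d/clean/style.css"
    printf 'logo\n'                  > "$d/clean/img/logo.txt"
    # Hosted copy: a line prepended to index.php, extra file in img/, style.css gone.
    printf '<?php /* constructed extra line */ ?>\n<?php echo "home"; ?>\n' > "$d/hosted/index.php"
    printf 'logo\n'                  > "$d/hosted/img/logo.txt"
    printf '<?php /* constructed */ ?>\n' > "$d/hosted/img/cache.php"
    compare_trees "$d/clean" "$d/hosted"
    rm -rf "$d"
}

demo
```

Every ADDED or MODIFIED path is a file to open and read before you trust it again.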
Fourth, be sure that all the files on your account have the correct permissions and do not grant more access than they need. Overly permissive files can pose security vulnerabilities.
Directories should be set to 755 by default. PHP, HTML, and the majority of all web files should have 644 permissions [or the lowest that works for your website], and ANY files that contain MySQL database or other login credentials [configuration files, usually] should be set to 400 permissions so they are ONLY readable by the account owner and the server itself.
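A report-only audit of the modes listed above, as an added example (not part of the original article): it flags any directory granting bits beyond 755, any file beyond 644, and any credential file beyond 400. It assumes GNU find; the names in CRED_FILES are illustrative and should be replaced with your own configuration files, and the tree built in demo_perms is constructed.

```shell
#!/usr/bin/env bash
# Added example: list entries whose mode grants more than the recommended maximum.

# Illustrative names of files holding database or login credentials.
CRED_FILES="wp-config.php configuration.php .env"

# Print "path<TAB>mode<TAB>max" for each entry under $1 with bits beyond the maximum.
audit_perms() {
    find "$1" \( -type d -o -type f \) -printf '%y %m %P\n' |
    while read -r kind mode path; do
        if [ "$kind" = d ]; then
            max=755
        else
            max=644
            for name in $CRED_FILES; do
                if [ "${path##*/}" = "$name" ]; then max=400; fi
            done
        fi
        # Octal arithmetic: any bit set in mode but not in max is excess permission.
        if [ $(( 0$mode & ~0$max )) -ne 0 ]; then
            printf '%s\t%s\t%s\n' "${path:-.}" "$mode" "$max"
        fi
    done | LC_ALL=C sort
}

# Constructed sample tree with three deliberate problems.
demo_perms() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/uploads"
    : > "$d/site/index.php";     chmod 644 "$d/site/index.php"      # correct
    : > "$d/site/wp-config.php"; chmod 644 "$d/site/wp-config.php"  # should be 400
    : > "$d/site/uploads/a.php"; chmod 666 "$d/site/uploads/a.php"  # world-writable
    chmod 755 "$d/site"
    chmod 777 "$d/site/uploads"                                      # world-writable dir
    audit_perms "$d/site"
    rm -rf "$d"
}

demo_perms
```

Each reported line can then be corrected with chmod using the value in the third column.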
Fifth, and MOST IMPORTANT of any step, change ALL of your account passwords to HIGHLY SECURE PASSWORDS in order to cut off further attacker access. This includes your main account [cPanel or Site Manager] password, all e-mail account passwords, and custom FTP user account passwords. Without changing these, the attacker may not have full account access, but can still get into enough portions of your site to check for remaining vulnerabilities or to gather personal information until they ARE able to gain full access.
You should change your account passwords AFTER securing your computer, account files, and scripts, because if a vulnerability remains in one of these places, the exploit can continue to get your new password with each change.
WestHost clients who use cPanel can get immediate help to resolve a hacked account. Submit a ticket to our support team and request that your account be reviewed so that we can clean your account fast. If you are not using cPanel, submit a ticket to our support team to review your account for a migration to cPanel.