
How to repair and secure a hacked site

This post describes how to help stop future attacks and safeguard your website once it has been hacked.

Identifying the reason

Finding out how your website was hacked is the first step in securing it and returning to regular operations. Generally speaking, one of the following causes accounts for the majority of hacks:

  • The password to your FTP/SSH account has been stolen.

  • The files and folders in the public_html directory have overly permissive file permissions.

  • A software application installed on your website has a vulnerability, and an attacker is exploiting that vulnerability to execute arbitrary code on the server.

Because pre-bundled software applications have become much more common, attacks on software vulnerabilities are now more frequent than FTP/SSH password compromises. After installing an application, users frequently neglect to install security updates, leaving their websites open to intrusion.

Similarly, code or data may be exposed and perhaps abused by an attacker if a file or directory in the public_html directory has permissions set to 777 (full access).
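
As an added example (not part of the original article), the following shell functions check a web root for the overly permissive modes described above. The function names are assumptions made for illustration; the public_html path comes from the article.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable entries.
# Function names are illustrative assumptions, not cPanel tooling.
# Usage after sourcing this file:  audit_docroot "$HOME/public_html"

# List files and directories under "$1" whose "other" write bit is set,
# meaning any user on the server can modify them. Mode 777 is the
# extreme case, but 666, 757 and similar modes are caught as well.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List only the entries whose mode is exactly 777 (full access).
find_mode_777() {
    find "$1" \( -type f -o -type d \) -perm 0777 -print
}

# Print a report for the directory "$1".
# Returns 0 if clean, 1 if world-writable entries exist, 2 on bad input.
audit_docroot() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 2; }

    hits=$(find_world_writable "$1")
    if [ -z "$hits" ]; then
        echo "OK: nothing under $1 is world-writable"
        return 0
    fi

    echo "World-writable entries under $1:"
    # ls -ld shows mode, owner and modification time for each hit,
    # which helps spot files changed around the time of the hack.
    find "$1" \( -type f -o -type d \) -perm -0002 -exec ls -ld {} +
    return 1
}
```
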

Searching for compromised FTP/SSH passwords

Finding out if someone has stolen your password and accessed your account should be your first step. To do this, take these actions:

  1. Use SSH to access your account.

  2. Enter the following command at the command prompt.

```
history
```

This command shows the past 1000 commands executed on the account, along with the date and time of each. Look over the most recent entries in the list for any commands that look wrong or that you did not enter.

  3. Enter the following command at the command prompt.

```
cat ~/.lastlogin
```

The IP address of the most recent user to log into your cPanel account is shown by this command. The cPanel home screen also provides access to this data.

If you believe or find out that someone else is using your account without authorization:

  • Change your cPanel account password right now.

  • Stop using FTP. Regular FTP sends your password over the Internet in unencrypted plaintext, making it vulnerable to interception. Instead, use SSH or SFTP.

  • Make sure that any machines you have used to access your account have the most recent versions of their virus and malware protection installed.

Once you have completed these steps, go to the Cleaning up following a hack section.

Searching for flaws in software

Malicious actors can use automated scripts to take advantage of well-known security flaws in outdated software. Software applications include both packages you installed manually and those you installed with Softaculous. These are often programs like forums, shopping carts, blogs, picture galleries, content management systems, etc.

Examine every software application that is installed on your website. Verify that you are running the most recent version and have installed all updates. When you upgrade software applications, be sure to check their plugins as well. If you have any non-standard plugins installed, search online for the plugin's name together with the word "vulnerability" to find out whether there are any known problems with your version. Update the plugin or disable it if you find any known vulnerabilities.

Additionally, you should use cPanel's Error Log function to look for recent errors on your website. Error messages can help you identify which software applications or data are at risk.

Once your plugins and software applications have been updated, go to the Cleaning up following a hack section.

Cleaning up following a hack

Cleaning up the mess the criminals left behind and getting your website back to normal is the next step after securing it.
