Remember, don't panic! The damage is probably already done and isn't likely to get much worse (if you act quickly). Try to stay calm and provide your web host with as much information as you can, including (but not necessarily limited to):
• The domain name of the site that has been hacked, with a URL to a page illustrating the problem if possible.
• Your cPanel username and your server's IP address (or the server name if you know it). You can typically find the server IP address in the welcome account information that your web host sent you (you should never delete this information).
• Your host will probably need to confirm that you are the legitimate owner of the site. Receiving an e-mail or call from you isn't necessarily good proof that you are who you say you are (as these can be spoofed). Your web host may ask you for your billing information, such as the name on the account, the billing address, the last 4 digits of your credit card (but be wary if someone asks for the entire number), the plan you originally signed up for, when you signed up, or even a secret question that you provided an answer to when you first signed up. Try to make sure you have as much of this information as possible on hand before you contact your host.
• You should provide as much information about the problem as you can manage: When did you first notice the problem? Did someone threaten to hack your site recently? Did you receive any threatening or odd e-mails either before or after your site was hacked? Did you notice anything odd in your site error log or raw web logs in the days or hours leading up to the attack? If you don't know exactly when the hacking attempt happened, when was the last time you accessed your site and it worked fine?
Your web host should be able to provide you with some additional information concerning how your site was hacked, so be sure to ask them to investigate this incident thoroughly. Your host will likely do this anyway, since it is in their own best interest, but it's always good to ask just to be safe.
It is important to learn from any hacking experience so that you do everything in your power not to fall prey to the same kind of attack again. Hopefully, this will never happen to you, but if it does, it is always helpful to be prepared.
Step Two: Restore and Verify All Data and Secure Site
Once the hacker has been locked out of your account and your site returns to your control, you should change any site or account passwords so you can be sure that hackers will not have access to anything in your account. Then it is time to assess the damage and try to restore your files. Did you have any important private information on your site? (Credit card information, information about your personal addresses, private mail, passwords, and so on.) You may want to contact your credit card company or any other users who might have been affected and let them know what happened so they can take steps to protect both you and themselves.
It is possible that your host has backups of your files from before the hacking attempt, but you should not count on this. Having your own recent backup is critical. Hence, it is a good idea to keep more than one previous backup; if you don't notice the problem until after your next scheduled backup, you will still have something you can use. Even if your host does have a recent backup, it may take time for them to locate your files and restore them for you. Having your own backup will make sure you are up and running as quickly as possible.
Restore your account data from your own backups that you made using cPanel's backup feature (or any other backup method that you used). Just log into your cPanel account and restore the home directory backup, e-mail aliases, filters, and MySQL databases. If you have taken a full site backup through cPanel, you will need to upload this backup to your home directory and ask your web host to restore it for you. If you used other methods to back up the data in your account, you will probably need to manually copy the backup files into place over the current ones (be sure to remove any files you don't recognize from your site, as the hacker may have added them).
Never trust that any file on your website wasn't modified in some malicious way. Even scripts and databases that seem to be intact and working may have been altered somehow. Good hackers are quite subtle because they don't want you to realize your site has been compromised and thus take steps to lock them out. Leaving hacked content in place could make it easier for the hacker to gain access to your account again. Pay special attention to any .htaccess files in your public_html directory or subdirectories and to custom error .shtml files (such as 404.shtml). These files may be modified in such a way that, even if other content isn't modified, visitors may be redirected to other websites or shown messages from the hackers.
Update any scripts you use on your website to the latest version. If you know that a hacker gained access to your site via an insecure script and that script does not have a more recent update, you should consider disabling it until one comes out, or switching to another, more secure script.
In addition, look carefully through your entire account for any suspicious files that weren't there before your site was hacked. If you've manually uploaded files back to your web account from a backup, you may be leaving some new (hacked) files in place. If you see something that seems suspicious, remove the files and report the find to your web host, providing a sample if requested. They should be able to tell you if the files are anything to worry about or if they are required for proper site operation. Such files may also provide your web host with more information about who hacked your account and how it was done.
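The two checks described above (nothing on the site should be trusted to be unmodified, and files that were not in your backup need to be found and reviewed) can be automated by hashing a trusted backup and the live copy and comparing the two, then reading any changed .htaccess or .shtml file for off-site redirects. The following script is an added example, not cPanel's own tooling or code from this guide. The directory names, the sample files and the tampered .htaccess it builds in a temporary folder are constructed for the demonstration, and the redirect patterns it looks for are a deliberately narrow set you would extend for your own site.

```python
"""Compare a live public_html tree against a trusted backup and flag
redirect-style directives in changed .htaccess / .shtml files.
Added example: all paths and sample content below are constructed."""
import hashlib
import os
import re
import tempfile
from pathlib import Path

# Lines that turn a config file or custom error page into an off-site redirect
# or inject script. Hypothetical, intentionally narrow list; extend as needed.
REDIRECT_PATTERNS = [
    re.compile(r"^\s*Redirect(Match|Permanent|Temp)?\b.*https?://", re.I),
    re.compile(r"^\s*RewriteRule\b.*https?://", re.I),
    re.compile(r"<meta[^>]+http-equiv=[\"']?refresh", re.I),
    re.compile(r"<script\b", re.I),  # a 404 page rarely needs JavaScript
]
CONFIG_NAMES = {".htaccess"}
CONFIG_SUFFIXES = {".shtml"}


def snapshot(root):
    """Map each relative file path under root to its SHA-256 hex digest."""
    root = Path(root)
    result = {}
    for path in root.rglob("*"):  # pathlib globbing includes dotfiles
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[str(path.relative_to(root)).replace(os.sep, "/")] = digest
    return result


def compare(backup_root, live_root):
    """Return (added, modified, removed) relative paths of live vs. backup."""
    backup = snapshot(backup_root)
    live = snapshot(live_root)
    added = sorted(p for p in live if p not in backup)
    removed = sorted(p for p in backup if p not in live)
    modified = sorted(p for p in live if p in backup and live[p] != backup[p])
    return added, modified, removed


def suspicious_directives(text):
    """Return (line_number, line) pairs that match a redirect/script pattern."""
    hits = []
    for num, line in enumerate(text.splitlines(), 1):
        if any(pat.search(line) for pat in REDIRECT_PATTERNS):
            hits.append((num, line.strip()))
    return hits


def audit(backup_root, live_root):
    """File differences plus flagged lines in any new or changed config file."""
    added, modified, removed = compare(backup_root, live_root)
    flagged = {}
    for rel in added + modified:
        path = Path(live_root) / rel
        if path.name in CONFIG_NAMES or path.suffix in CONFIG_SUFFIXES:
            hits = suspicious_directives(path.read_text(errors="replace"))
            if hits:
                flagged[rel] = hits
    return {"added": added, "modified": modified,
            "removed": removed, "flagged": flagged}


def _write(root, rel, content):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(content)


def build_demo():
    """Construct a clean backup and a tampered live copy; return the audit."""
    base = tempfile.mkdtemp(prefix="htaudit_")
    backup = Path(base) / "backup" / "public_html"
    live = Path(base) / "live" / "public_html"
    clean_htaccess = "Options -Indexes\nErrorDocument 404 /404.shtml\n"
    for root in (backup, live):
        _write(root, "index.html", "<h1>Welcome</h1>\n")
        _write(root, "404.shtml", "<h1>Not found</h1>\n")
    _write(backup, ".htaccess", clean_htaccess)
    # Constructed tampering: an off-site rewrite appended, plus an unknown file.
    _write(live, ".htaccess", clean_htaccess + "RewriteEngine On\n"
           "RewriteRule ^(.*)$ http://example.invalid/$1 [R=302,L]\n")
    _write(live, "images/.cache.php", "<?php /* not in the backup */ ?>\n")
    return audit(backup, live)


if __name__ == "__main__":
    report = build_demo()
    for key in ("added", "modified", "removed"):
        print(f"{key}: {report[key]}")
    for rel, hits in report["flagged"].items():
        for num, line in hits:
            print(f"FLAG {rel}:{num}: {line}")
```

Run it against a real account by calling `audit("/path/to/backup/public_html", "/home/USER/public_html")` (placeholder paths) after restoring from backup; anything under `added` is a candidate for the "files you don't recognize" list to send your host, and `flagged` lines are the ones to read by hand before trusting the site again.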
Once your site is clean and working properly again, watch your web stats and error logs for additional unusual behavior, because hackers will usually revisit your website to see if they can gain access to your data again. Report anything that seems odd to your web host immediately.
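A hacker coming back to check whether a file they planted still exists shows up in the raw web logs as requests for paths you have since removed, usually answered with a 404. The script below is an added example (not part of this guide or of cPanel) that reads Apache-style combined log lines and reports which client addresses asked for the removed paths and how many 404s each produced after cleanup. The log lines, the client addresses and the removed path are all constructed for the demonstration.

```python
"""Spot clients that return for files removed during cleanup, using
Apache/cPanel combined-format access log lines.
Added example: the log lines and paths below are constructed."""
import re
from collections import Counter, defaultdict

# One "combined" log line: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: 203.0.113.7 probes the removed file, 198.51.100.23 is a visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:02:14:11 +0000] "GET /images/.cache.php?v=2 HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:02:15:02 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:02:16:40 +0000] "POST /images/.cache.php HTTP/1.1" 404 196 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:02:17:05 +0000] "GET /images/.cache2.php HTTP/1.1" 404 196 "-" "curl/8.0"
198.51.100.23 - - [10/Mar/2024:02:18:30 +0000] "GET /about.html HTTP/1.1" 200 877 "-" "Mozilla/5.0"
this line is deliberately malformed and must be skipped, not crash the parser
"""


def parse(lines):
    """Yield one dict per parseable log line; silently skip anything else."""
    for line in lines:
        match = LOG_RE.match(line)
        if match:
            yield match.groupdict()


def find_returning_clients(lines, removed_paths):
    """Group requests for removed paths by client IP and count 404s per IP."""
    removed = set(removed_paths)
    probes = defaultdict(list)
    not_found = Counter()
    for rec in parse(lines):
        path = rec["path"].split("?", 1)[0]  # ignore the query string
        if rec["status"] == "404":
            not_found[rec["ip"]] += 1
        if path in removed:
            probes[rec["ip"]].append((rec["time"], rec["method"], path))
    return {"probes": dict(probes), "not_found": dict(not_found)}


def demo():
    """Run the detection over the constructed sample against one removed path."""
    return find_returning_clients(SAMPLE_LOG.splitlines(), ["/images/.cache.php"])


if __name__ == "__main__":
    result = demo()
    for ip, hits in result["probes"].items():
        print(f"{ip} requested removed files {len(hits)} time(s):")
        for when, method, path in hits:
            print(f"  {when} {method} {path}")
    for ip, count in sorted(result["not_found"].items()):
        print(f"{ip}: {count} x 404")
```

Feed it your own log (for example `find_returning_clients(open("/home/USER/access-logs/example.com").read().splitlines(), removed)`, with placeholder paths and the list of files you deleted) and the client addresses it prints are the ones worth passing to your host; the per-IP 404 count separates a scanner walking your site from a visitor who hit one stale link.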
If you or your web host have determined what IP address or addresses the hacker used to access your website, you may be tempted to place them in your IP ban list in cPanel. While this isn't a bad thing, keep in mind that most hackers can easily switch IP addresses, and the IP banning tool in cPanel only prevents website (port 80) access by that IP address. It doesn't stop FTP, e-mail, cPanel, or other types of access. In addition, if you block a wide range of IP addresses, you risk blocking legitimate traffic to your site. Your web host (if they wish) can ban an IP or range of IPs from ever accessing anything on the entire server.