Website has been compromised (how to prevent it)
Posted by WestNIC Support on 05 December 2010 08:29 PM
If your account was suspended for:
- CPU overload (associated with PHP/CGI script abuse);
- phishing activity
Please follow these steps to ensure website security in the future:
1. Scan your personal computer with the latest antivirus software. We recommend Kaspersky Internet Security 2013. Please remember: the most important part is not finding a virus, but resolving the vulnerability issues.
2. If the computer is clean, please generate a full site backup via cPanel > Backup. The backup must be downloaded to your personal computer and then removed from the server via File Manager or FTP. You should also download all static files via FTP and make a separate MySQL backup.
3. Please submit a support ticket at support.westnic.net to request a username change. We will change the username and also update the site password.
4. As soon as you receive the new username and password, please remove all content from the public_html folder. Please DO NOT REMOVE the public_html folder itself. You need to remove all content inside the public_html folder, folder by folder, except the system cgi-bin directory.
5. Now you need to reinstall all scripts. Please visit your script vendor, download the newly released versions, then install them. If you didn't have any PHP or CGI scripts installed (only HTML pages), you will have to open all pages via File Manager > Editor or via an FTP program, then remove the malicious code manually.
6. Please make sure that you set correct permissions on files and folders. Config files must be chmoded to 400 (after you have finished modifying them); all PHP files, images and HTML pages: 644; folders and Perl/CGI scripts: 755.
7. Please make sure that your backend is protected via "cPanel > Password protected directory".
8. Please change the username for the backend via cPanel > PHPMyAdmin. Most installers recommend the username "admin" or something similar. A good username should be something harder to guess, for example, s7d8q13.
9. Passwords must be set via the password generator tool provided by cPanel and WHM. Even if you only install a WordPress blog, you still have to use a strong password. DO NOT save passwords within browsers!
10. Always use secure cPanel channels, for example, https://serverid.westnic.net:2083 (where "serverid" is your server ID with WestNIC). You can find all control panels here: http://westnic.info/tutorials/control_panels.html
11. Keep your antivirus updated, and make sure that you have no vulnerabilities (especially those associated with Java, Google Chrome, Internet Explorer, Outlook and Adobe products).
12. Generate and download your own backups at least once per month! Backups must be stored on your personal computer. WestNIC isn't responsible for any data residing on servers. While we maintain automatic weekly and offsite monthly backups, we cannot guarantee availability of backups.
13. Keep an eye on public_html folder activity. If you notice something weird, for example, a new folder, please do not remove it! You have to go through all the steps written in this article.
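The permission scheme from step 6 can be checked with a short shell script. This is an added example, not part of the original WestNIC article; the config file names in CONFIG_NAMES, the script extensions and the function names are assumptions to adjust for the scripts you actually run.

```shell
#!/bin/sh
# Added example: audit a site tree against the permission scheme in step 6.
# Assumptions: config files are recognised by name (CONFIG_NAMES) and
# Perl/CGI scripts by extension; adjust both to the scripts you run.
CONFIG_NAMES="wp-config.php config.php configuration.php"

# Print the mode step 6 asks for: folders 755, config files 400,
# Perl/CGI scripts 755, everything else (PHP, images, HTML) 644.
expected_mode() {
    if [ -d "$1" ]; then echo 755; return 0; fi
    base=${1##*/}
    for name in $CONFIG_NAMES; do
        if [ "$base" = "$name" ]; then echo 400; return 0; fi
    done
    case "$base" in
        *.pl|*.perl|*.cgi) echo 755 ;;
        *) echo 644 ;;
    esac
}

# Print the current octal mode (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_perms DIR [fix]: list every file or folder whose mode differs
# from the scheme; with "fix" as second argument, also chmod it.
# Symlinks are skipped; names containing newlines are not supported.
audit_perms() {
    find "$1" \( -type f -o -type d \) | while IFS= read -r entry; do
        want=$(expected_mode "$entry")
        have=$(mode_of "$entry")
        if [ "$have" != "$want" ]; then
            echo "$have -> $want  $entry"
            if [ "${2:-}" = "fix" ]; then chmod "$want" "$entry"; fi
        fi
    done
}

# Usage: sh audit_perms.sh ~/public_html        (report only)
#        sh audit_perms.sh ~/public_html fix    (report and correct)
if [ "$#" -gt 0 ]; then audit_perms "$@"; fi
```

Run it without `fix` first so that unexpected modes can be reviewed before they are changed.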
If you have any questions regarding site security or wish to add helpful tips to this article, please contact us via support.westnic.net.