cpanel website hacked

Jump to: navigation, search

If Site hacked change below passwords with immediate effect.

  • cPanel Password
  • Email Passwords
  • FTP passwords - Make sure all FTP accounts listed in cPanel are in use. If they are not using, remove them from account.
  • Passwords for any Content Management Systems (CMS) such as WordPress, Joomla or Drupal. Always update latest version of the scripts.
  • Check email forwarders are correctly forwareded to the correct email addresses.

Then check ftp logs and apache for finding hacker file

grep FILE_NAME /var/log/messages*

grep FILE_NAME /usr/local/apache/domlogs/DOMAINNAME

grep username /var/log/messages*

ls -l /usr/local/apache/domlogs | grep