Question
What can be done if a cPanel account is compromised?
Answer
The best course of action to recover from a compromised account is to restore from a backup, change all passwords on the account, revoke any ssh keys, and enable Two Factor authentication. You can read more about how to do these tasks here:
Restoration:
Restore an account from a backup file on the server
How can I restore my backups from a remote destination?
Passwords
How to reset a cPanel user's password
How to reset your email password through the cPanel interface
How to reset an FTP user password
How to reset a database user password
Two Factor Auth:
How to enable Two Factor Authentication for cPanel users
Revoke SSH Keys:
How to manage a public key in the cPanel interface
If you would like to find information about how the account was compromised or what kind of malware might be on an account, you must reach out to a security specialist that has the skills, training, and expertise required to perform an investigation.
If you would like to take steps to help mitigate this kind of issue in the future, you may be interested in reviewing the following resources:
How to backup to a remote location
Comments
0 comments
Article is closed for comments.