We are currently experiencing a higher than usual ticket volume, and as a result there may be delays before we can reply to your ticket.
Please feel free to reference the information available in our Forums, Documentation, and Knowledge Base in the meantime.

Skip to main content

What can be done if a cPanel account is compromised?

Austin Lowery
  • Updated

Question

 

What can be done if a cPanel account is compromised?

 

Answer

 

The best course of action to recover from a compromised account is to restore from a backup, change all passwords on the account, revoke any ssh keys, and enable Two Factor authentication. You can read more about how to do these tasks below:

 

Cleaning the Infection

Is it possible to clean malware from a hacked website?

 

Fixing the Security Hole

In the following sections, we provide information about how to restore the account, reset passwords, etc.
While those are critical steps, they alone may not fully resolve the issue. If the account was originally compromised due to a security flaw in the website or script on the account, then restoring the account to a point from before the compromise occurred will only remove the previous compromise.

It will not resolve the security flaw in the website or script that allowed the account to become compromised in the first place. Special care should be taken to identify and resolve any security flaws in the website or scripts on the account once it has been restored. This process would be a part of the "Security Analysis" section below but is being highlighted here due to its importance.

Restoration

Restore an account from a backup file on the server

How can I restore my backups from a remote destination?

 

Passwords

How to reset a cPanel user's password

How to reset your email password through the cPanel interface

How to reset an FTP user password

How to reset a database user password

 

Two Factor Auth

How to enable Two Factor Authentication for cPanel users

 

Revoke SSH Keys

How to manage a public key in the cPanel interface

 

Security Analysis

If you would like to find information about how the account was compromised, what security flaw allowed the compromise to occur, or what kind of malware might be on an account, you must reach out to a security specialist that has the skills, training, and expertise required to perform an investigation.

 

Future Mitigation

One of the best ways to mitigate account-level compromises in the future is to ensure that you have an excellent backup policy with remote backups. You can learn how to backup to a remote destination here

How to backup to a remote location

 

You may also consider purchasing an Imunify360 license which would allow for you to clean malware from infected sites. More details can be found here:

Is it possible to clean malware from a hacked website?

Related articles

Comments

0 comments

Article is closed for comments.