Question
What can be done if a cPanel account is compromised?
Answer
The best course of action to recover from a compromised account is to restore from a backup taken before the compromise occurred, as this is a guaranteed method to ensure any impacted files are cleaned. The following provides further information on this topic:
Is it possible to clean malware from a hacked website?
For information on restoring from a backup:
Restore an account from a backup file on the server
How can I restore my backups from a remote destination?
Once the backup has been restored, all passwords and other authentication methods should be rotated for the cPanel user. This includes all email passwords, FTP account passwords if enabled, SSH keys, and website admin credentials. The following provides information on resetting these passwords:
How to reset a cPanel user's password
How to reset your email password through the cPanel interface
How to reset an FTP user password
How to reset a database user password
How to reset WordPress Admin password using WP Toolkit?
How to manage a public key in the cPanel interface
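For the SSH key part of this rotation, a restored home directory brings back whatever public keys were authorized when the backup was taken. The script below is an added example, not cPanel tooling or code from this article: it lists keys still authorized under an account's home directory that are not among the newly issued replacement keys. The function names, the home directory argument and the replacement-keys file are assumptions.

```shell
#!/bin/sh
# Added example (not cPanel's code). Assumes OpenSSH-format key files; the
# function names and the file holding the replacement keys are hypothetical.

# Print "<type> <blob>" for each key entry in an authorized_keys-style file.
# Skips blank lines and comments, and tolerates a leading options field
# (for example from="...",no-pty) by locating the key-type token first.
extract_keys() {
    [ -r "$1" ] || return 0
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) {
                    print $i, $(i + 1)
                    break
                }
        }' "$1"
}

# stale_keys HOME_DIR NEW_KEYS_FILE
# Prints every key still authorized under HOME_DIR/.ssh that does not appear
# in NEW_KEYS_FILE. No output means only replacement keys remain authorized.
stale_keys() {
    home=$1 new=$2
    allowed=$(extract_keys "$new")
    for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        extract_keys "$f"
    done | sort -u | while read -r type blob; do
        printf '%s\n' "$allowed" | grep -qxF "$type $blob" ||
            printf '%s %s\n' "$type" "$blob"
    done
}

# Run as: script.sh /home/USERNAME /path/to/new_keys.pub
if [ "$#" -eq 2 ]; then
    stale_keys "$1" "$2"
fi
```

Matching is on key type and key material only, so a key that was re-added under a different comment is still reported as the same key.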
Warning: While the above are critical steps, they alone may not fully resolve the issue. If the account was originally compromised due to a security flaw in the website or script on the account, then restoring the account to a point from before the compromise occurred will only remove the previous compromise and will not resolve the security flaw in the website or script that allowed the account to become compromised in the first place. Special care should be taken to identify and resolve any security flaws in the website or scripts on the account once it has been restored.
Note: To find information about how the account was compromised, what security flaw allowed the compromise to occur, or what kind of malware might be on an account/website, you must review further with a security specialist who has the skills, training, and expertise required to perform an investigation.