An important security guide is enclosed; please read it. Only together can we keep your websites and our servers secure from hackers. Please do your part today (in fact, now); it’s really important! 🙂
Remember that install of Joomla or WordPress you tried out a couple of months ago and never used? Please remove it; old installations are an open invitation to hackers. For any script you install on our servers, you must make sure at all times that it is the latest version. Check out www.milw0rm.com and type in the name of your favourite open-source script, and you’ll see what I mean. It takes 5 seconds to hack an old version of Joomla, upload a shell script and have total control over your account.
Never use easy-to-guess passwords or the same password more than once. If someone finds a password of yours, they will try it everywhere else until they succeed. If someone finds your webmail password, you’re pretty much guaranteed they’ll try it elsewhere – maybe in cPanel, maybe on your online banking!
Cloak Your Folders.
You should keep a blank index.html in every folder inside your public_html; this makes sure the contents can’t be easily viewed on the internet. cPanel has a function for this; check out ‘Index Manager’. It’s always a good idea to keep your files and folders secret.
Password protect your admin folder.
You should password protect the admin folder of any scripts you are using; this provides an extra layer of security and is highly recommended. You can do this in cPanel by clicking the Directory Protection link.
So you got hacked?
If you find that something has happened (maybe spam was sent from your account, or you found you were hosting a phishing site), the first thing you need to do is change your passwords. All of them. cPanel, email, site admin passwords, everything.
Next up, go through your web space and remove all old script installations. Remember, if you installed plugins in your scripts (modules for Joomla/WordPress etc.), they can be hacked as well! Make sure they’re up-to-date too.
You can check the Error Log in cPanel for suspicious requests. Usually a hacker will leave files around, so look for suspicious files within your public_html folder. Once found, take the date and time that the file was uploaded, the file name and the folder it was in, and tell us so we can check through. Then delete the files.
Being hacked can happen to anyone at all; your security will always depend on its weakest point. To give you a figure, an average server will be vulnerability scanned 100-1000 times a day by hackers. Eventually, if you don’t keep things up-to-date and secure, your site will be hacked and used for criminal activity in one way or another. However, now is the perfect time to stop this from happening.
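One way to collect the details requested above (date and time, folder, file name) from a shell on the account, as an added example that is not part of the original guide. It assumes SSH access and GNU find, as on typical Linux hosting servers; the function names and the 7-day default are hypothetical.

```shell
#!/bin/sh
# Added example: list recently changed files under a web root for reporting.
# Assumes GNU find (needed for -printf).

# recent_changes ROOT DAYS
# Prints one tab-separated line per file, oldest change first:
#   ctime <TAB> mtime <TAB> folder <TAB> file name
# Files are selected by ctime (inode change time). The kernel sets ctime
# when a file is written, renamed or chmod'ed, and `touch` cannot set it
# to an earlier date, so a file whose mtime shows an old date is still
# listed. File names containing tabs or newlines will break the columns.
recent_changes() {
    root=$1
    days=$2
    find "$root" -type f -ctime "-$days" \
        -printf '%CY-%Cm-%Cd %CH:%CM\t%TY-%Tm-%Td %TH:%TM\t%h\t%f\n' | sort
}

# mtime_older_than_ctime ROOT DAYS
# Subset of recent_changes where the mtime date is earlier than the ctime
# date, i.e. the file arrived recently but carries an older timestamp.
mtime_older_than_ctime() {
    recent_changes "$1" "$2" |
        awk -F '\t' 'substr($2, 1, 10) < substr($1, 1, 10)'
}

# Stand-alone use: sh script.sh ~/public_html 7
if [ "$#" -ge 1 ]; then
    recent_changes "$1" "${2:-7}"
fi
```

An older mtime is a lead rather than proof: archives and some FTP clients preserve original timestamps on legitimate files. Copy the matching lines into your report before deleting anything.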
If you have any questions or need help, please feel free to ask 🙂