Recovering from a hack can be overwhelming. Not only do you have to restore your site to a good, working state; you also want to do everything you can to prevent a repeat attack on your site.
The following is a series of steps that we recommend to any user recovering from a hack (regardless of the nature of the hack). While this may seem overwhelming, the list is exhaustive because you want to close any open doors the hacker might have used (or may have left behind).
These are mentioned throughout the steps below, but make sure you change all passwords associated with your account:
- cPanel Password
- Email Passwords
- FTP Passwords
- Passwords for any Content Management Systems (CMS) such as WordPress, Joomla or Drupal
What to Check on Your Local Machine
- Update any antivirus programs you have on your local computer and run a full scan of your local machine. If you do not have antivirus software on your local computer, it is highly recommended that you install an antivirus program, keep it up to date, and run regular scans (yes, this includes Mac and Linux users as well).
- If you use a wireless router to connect to the Internet, make sure it is a secured connection. If you are not sure how to secure your wireless router, consult your router's documentation or do a search online for your router model and how to secure it. Your router manufacturer may also be able to assist you further.
- If you use any local web design/development software (e.g. Dreamweaver, iWeb, Microsoft Expression Web, etc.) make sure your software is up to date.
- Make sure that all Adobe products (including Adobe Acrobat and Adobe Acrobat Reader) are updated.
- Check your browser version and update as needed. If you have more than one browser installed on your computer, check all browsers installed.
What to Check in cPanel
- First, change your cPanel password.
- Now that you have a new password, log into cPanel.
- Make sure all of the FTP accounts listed in cPanel are in use. If they are not, remove them. When removing FTP accounts, you will be presented with the option to Delete Account or Delete Account and Files. Choose the Delete Account option so that you do not accidentally delete site files.
- Make sure passwords for all FTP accounts have been changed.
- Check that all email accounts listed are in use. If there are any listed that are not in use, delete the accounts. Please note, this will also delete any emails on the server for that account.
- Change your email account passwords.
- In the Email Forwarders area of cPanel, make sure any forwarders listed are ones that you created and are still forwarding from and to the correct email addresses.
- Review the Cron Jobs area of cPanel and make sure any cron jobs listed are legitimate and still contain the correct commands.
- Check the Simple DNS Zone Editor in cPanel. Under User-Defined Records, check for any records pointing your site away that shouldn't be there (CNAME or A records). Of course, if you use a third party for email or other services (like Google Apps for instance) you will expect to see MX records for those things. Just make sure that any DNS records listed are correct.
- In Redirects, review any redirects listed. If there are any redirects you did not create, remove them. If you have redirects you have created, make sure the redirection is still set up properly.
Other Things to Check
- If you are using a CMS (e.g. WordPress, Joomla, Drupal, etc.) to create your site, make sure you are running the latest version. Update if necessary.
- Change any administrative passwords for any CMS you use, even if it is a custom built CMS.
- If you use a CMS for your site, search online for security strategies and hack-recovery guidance specific to that software. For instance, with WordPress, in addition to changing your administrative password, you should also change your Security Keys and Salts (a.k.a. secret keys). This will disable the previous cookies and log anyone out of your WordPress dashboard if they are still logged in.
- When accessing the Internet, make sure the network you are on is secure. If it isn't, or you aren't sure if it is, do not connect to your cPanel/server (this includes using an FTP program, publishing from design software, logging into email, or logging into a CMS admin area).
- Create and download regular backups of your account. We cannot stress enough how important this is. Downloading your backups is essential. In the event something goes wrong, having the backup stored separately from your account is vital.
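
The WordPress step above (changing the Security Keys and Salts), as an added example that is not part of the original article: a Python sketch that regenerates the eight secret-key constants in the text of a wp-config.php file. The function names and the sample configuration are constructed for illustration, and it assumes each define() sits on one line with a plain quoted value.

```python
import re
import secrets
import string

# The eight secret-key constants in a standard wp-config.php.
SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# Quote and backslash characters are excluded so every value is safe
# inside a PHP single-quoted string without escaping.
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"

# Assumption: each define() sits on one line with a plain quoted literal.
DEFINE_RE = re.compile(
    r"(define\(\s*['\"](" + "|".join(SALT_NAMES) + r")['\"]\s*,\s*)"
    r"(?:'[^'\n]*'|\"[^\"\n]*\")(\s*\)\s*;)"
)

def new_secret(length=64):
    """Random value drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_salts(config_text):
    """Return (new_text, replaced, missing) for a wp-config.php body."""
    replaced = []

    def swap(match):
        # Keep the define() wrapper, replace only the quoted value.
        replaced.append(match.group(2))
        return f"{match.group(1)}'{new_secret()}'{match.group(3)}"

    new_text = DEFINE_RE.sub(swap, config_text)
    missing = [n for n in SALT_NAMES if n not in replaced]
    return new_text, replaced, missing

# Constructed sample input, not a real site's configuration.
SAMPLE = "<?php\ndefine( 'DB_PASSWORD', 'constructed-db-pass' );\n" + "".join(
    f"define( '{n}', 'old-{n.lower()}-value' );\n" for n in SALT_NAMES)

if __name__ == "__main__":
    text, done, missing = rotate_salts(SAMPLE)
    print(text)
    print("rotated:", done, "missing:", missing)
```

Run it against a copy of wp-config.php first; any names reported as missing have no define() line to rewrite and need to be added by hand.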