If you have experienced a security breach on your VPS Hosting, it is important to take immediate action to minimize any damage and restore your website to a safe state.
Here are the steps you can follow if your VPS was hacked:
Step 1 - Identify the Attack
The first thing to do is to determine the nature and extent of the attack. You can do this by checking your server logs for any suspicious activities or by using a security tool like ClamAV or Rootkit Hunter to scan your system for malware.
Step 2 - Contain the Breach
Once you have identified the breach, isolate your VPS from the network to prevent the attacker from accessing your website or data. This involves disabling all inbound and outbound connections to your VPS.
Step 3 - Change Your Passwords
Next, change all passwords associated with your VPS, including your root password, user passwords, and any passwords used for your website or database. It is essential to use strong, unique passwords that are not easy to guess. Make sure that your new passwords:
Contain more than 8 characters
Include a combination of numbers, letters, and special characters
Do not include elements that can be associated with you, such as important dates, pet’s name, etc.
Are stored securely, eg. using a password managing tool
Step 4 - Update Your Software
Ensure to update all software installed on your VPS, including your operating system, web server, and any applications. This helps to patch any vulnerabilities that the attacker may have exploited.
Step 5 - Remove Malware and Backdoors
Scan your VPS for malware and remove any malicious code or backdoors that the attacker may have installed. You can use security tools like Malwarebytes, ClamAV, or RKHunter to scan your VPS.
Step 6 - Restore From a Backup
If you have a recent backup of your website and data, you can restore your VPS to a previous state before the attack occurred. This helps to ensure that your website and data are safe and secure.
Step 7 - Monitor Your VPS
After you have secured your VPS, make sure to monitor it regularly for any suspicious activities. You can use a tool like Fail2Ban, which helps to block IPs that try to access your VPS multiple times with incorrect login credentials.
After you have successfully completed all these steps, your VPS will be secured and better prepared to prevent future attacks.