What to Do if Your VPS Has Been Hacked?

Learning how to handle a hacked VPS

If you have experienced a security breach on your VPS Hosting, it is important to take immediate action to minimize any damage and restore your website to a safe state.

Here are the steps you can follow if your VPS was hacked:

Step 1 - Identify the Attack

The first thing to do is to determine the nature and extent of the attack. You can do this by checking your server logs for any suspicious activities or by using a security tool like ClamAV or Rootkit Hunter to scan your system for malware.

Step 2 - Contain the Breach

Once you have identified the breach, isolate your VPS from the network to prevent the attacker from accessing your website or data. This involves disabling all inbound and outbound connections to your VPS.

Step 3 - Change Your Passwords

Next, change all passwords associated with your VPS, including your root password, user passwords, and any passwords used for your website or database. It is essential to use strong, unique passwords that are not easy to guess. Make sure that your new passwords:

  1. Contain more than 8 characters

  2. Include a combination of numbers, letters, and special characters

  3. Do not include elements that can be associated with you, such as important dates, pets' names, etc.

  4. Are stored securely, e.g. using a password manager

Step 4 - Update Your Software

Make sure to update all software installed on your VPS, including your operating system, web server, and any applications. This helps to patch any vulnerabilities that the attacker may have exploited.

Step 5 - Remove Malware and Backdoors

Scan your VPS for malware and remove any malicious code or backdoors that the attacker may have installed. You can use security tools like Malwarebytes, ClamAV, or RKHunter to scan your VPS.

Step 6 - Restore From a Backup

If you have a recent backup of your website and data, you can restore your VPS to a previous state before the attack occurred. This helps to ensure that your website and data are safe and secure.

Step 7 - Monitor Your VPS

After you have secured your VPS, make sure to monitor it regularly for any suspicious activities. You can use a tool like Fail2Ban, which helps to block IPs that try to access your VPS multiple times with incorrect login credentials.

After you have successfully completed all these steps, your VPS will be secured and better prepared to prevent future attacks.
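As an illustration of the log check in Step 1 and the repeated-failure pattern that Fail2Ban acts on in Step 7, the following added example (not part of the original article or of any tool named in it) counts failed SSH logins per source IP and flags any successful login that follows a burst of failures from the same address. It assumes the standard OpenSSH syslog line format; the sample lines are constructed, and the `triage` function and its threshold of 3 are illustrative choices.

```python
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:14:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 02:14:03 vps sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Mar  3 02:14:05 vps sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Mar  3 02:14:09 vps sshd[1207]: Accepted password for root from 203.0.113.7 port 50140 ssh2
Mar  3 08:30:12 vps sshd[2210]: Failed password for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 08:30:20 vps sshd[2212]: Accepted publickey for deploy from 198.51.100.20 port 40030 ssh2
"""

# Matches both "Failed password for root ..." and
# "Failed password for invalid user admin ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def triage(log_text, threshold=3):
    """Return (failures per IP, logins accepted after >= threshold failures)."""
    failures = Counter()
    findings = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication result line
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success right after many failures from one address is the
            # pattern to review first: the guessing may have worked.
            findings.append({"ip": ip, "user": m["user"],
                             "method": m["method"],
                             "failures_before": failures[ip]})
    return failures, findings


if __name__ == "__main__":
    counts, suspicious = triage(SAMPLE_LOG)
    for ip, n in counts.most_common():
        print(f"{n:4d} failed logins from {ip}")
    for f in suspicious:
        print(f"REVIEW: {f['user']} logged in via {f['method']} from {f['ip']} "
              f"after {f['failures_before']} failures")
```

To run it against a real log, pass the file's contents to `triage` instead of `SAMPLE_LOG`.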
