server or site hacked

Discussion in 'Server Operation' started by kwickcut, Jan 14, 2020.

  1. kwickcut

    kwickcut Member

    I need some help with a site that has been hacked. I am not sure where I should look to get information about the hacker and how they managed to access the site.

    They were able to change my PayPal info and redirect it to another account. I have gone into the site and turned off PayPal, but it is still active and I need to resolve this ASAP.

    This is the server info. I followed the setup for this system and all the updates for the server are up to date. The site is now in maintenance mode, but I really need to fix this.
    Ubuntu Linux 16.04.3
    ISPConfig Version: 3.1dev

    thanks for any help
    kwick
     
  2. rosehosting

    rosehosting Member

    First, you didn't mention what your website address is, the CMS you use, etc. If your website is using, for example, WordPress, you can install a plugin like Wordfence and then scan the site for malicious code.

    Maybe they were able to brute force your password. Check your website's administrative accounts and make sure you use strong passwords for your accounts. Generally, a password utilizing at least 10 characters including alphanumeric and grammatical symbols is sufficient. Never use passwords based upon dictionary words or significant dates.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You should not run the ISPConfig development version on a production server. Maybe do that if you are a developer yourself.
    My advice is to take services or the whole server offline. Then change all passwords to 12 character long random strings. Wordfence for WordPress is a good idea. RS Firewall for Joomla sites similarly.
    There is ISPProtect that scans your server for malware; that or similar stuff may be helpful. Then turn the server back on.
    I know nothing about Paypal.
    There are threads on this forum on how to recover from hacked website. Use Internet Search Engines with
    Code:
    site:howtoforge.com hacked server
     
  4. kwickcut

    kwickcut Member

    Thank you both for the reply. All the passwords have been changed to 15 characters, symbols and numeric.
    The site in question is a Magento 1.9 and it's a CMS site, and I have a site with the latest version but it will not be ready for scorned month..

    thanks once again
    kwick
     
