What to do when I got an email
- Category : Tips and Tricks
- Posted on : Jan 01, 2020
- Views : 1,344
- By : HostSEO
This article provides you with general tips and steps to follow in case you received the following email message:
| â$œDear Hosting Account 'cPanel_username' Owner, This is an automated alert to inform you that we have detected a malicious attempt to access your account via http or ftp on our server 'hostname_of_the_server'. Our security systems have blocked the upload of malicious file to the server and put it to the quarantine. Your website is safe now, but it is important you undertake the following precautions. 1. Immediately scan your PC for viruses and malware. We recommend the anti-virus programs which free editions are available for most operating systems for this purpose. 2. Make sure that you use strong, hard-to-guess passwords on your account and applications. Do not use the same password for different applications. To remember more difficult passwords, we recommend you use the password managers such as LastPass or RoboForm. 3. Update all third party scripts to the latest versions (e.g. Joomla, WordPress, Magento or any other CMS). Remove every script, gadget, feature, function, and code snippet which has poor security vulnerability report. 4. Use .htaccess or cPanel > Deny IP to block the hacker's HTTP access to your site. If you identified the hacker's IP address, one site where you can look it up to get more information about this IP is http://whois.domaintools.com/ . 5. Change your cPanel/ftp passwords. We have put the following content into quarantine as we believe it contains viruses or other malicious code. If you feel this has been in error and your file is false-positive (innocent), please submit a ticket to us at https://support.namecheap.com/index.php?/Tickets/Submit or contact the Live Help at http://www.namecheap.com/support/livesupport.aspx and we will be happy to assist: '[PHP Obfuscation Exploit [P0395]]': /home/cPanel_username/public_html/Songs/wp-content/themes/.cache.php '[PHP Obfuscation Exploit [P0395]]': /home/cPanel_username/public_html/wp-content/themes/.cache.php '[PHP Obfuscation Exploit [P0395]]': /home/cPanel_username/public_html/wp-content/themes/.cache.php '[PHP Obfuscation Exploit [P0395]]': /home/cPanel_username/public_html/wp-content/themes/.cache.php '[PHP Obfuscation Exploit [P0395]]': /home/cPanel_username/public_html/wp-content/themes/.cache.phpâ$ |
Follow these instructions to make the needed changes in your account:
Scan your PC for viruses and malware
Scan your hosting account with Virus Scanner
Update your CMS along with all the modules/plugins
Have a fresh backup of your files
Scan your PC for viruses and malware
The first thing to check is whether your personal computer contains any malware that might have triggered the warning email message. Make sure that you scan your local computer and clean up any malicious software. Any free antivirus software like Avast Free Antivirus or Dr.Web Cureit! utility, can be used for this purpose.
Scan your hosting account with Virus Scanner
Also, you can use some free online scanners such as this one.
It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account it is recommended to use themes and plugins only from trusted providers.
Additionally, we would recommend to contact our Support Team so we can check your hosting account by means of internal scanners and tools in order to ensure it is clean and secure. Our support representatives will also be able to provide you with a detailed scan report so you can examine it later.
Below you can find an example of a scan report provided by our Support Team:
| ----------- SCAN REPORT ----------- TimeStamp: Date (/usr/sbin/cxs --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnwZDRu --qoptions Mv --report /home/cPanel_username/scanreport-support-date-h12m.txt --sizemax 500000 --ssl --summary --sversionscan --timemax 30 --user support --virusscan --xtra /etc/cxs/cxs.xtra) Scanning /home/cPanel_username: '/home/cPanel_username/access-logs' # Symlink to [/usr/local/apache/domlogs/support] '/home/cPanel_username/public_html/process.txt' # ClamAV detected virus = [Eicar-Test-Signature] ----------- SCAN SUMMARY ----------- Scanned directories: 171 Scanned files: 13996 Ignored items: 33 Suspicious matches: 2 Viruses found: 1 Fingerprint matches: 0 Data scanned: 218.37 MB Scan time/item: 0.008 sec Scan time: 107.945 sec |
NOTE: Pay attention to the parts of the scan report highlighted in red . These are the lines to examine in case there is malware in your hosting account.
As a precautionary measure, it is highly recommended to update passwords of all the services related to your hosting package as well. Such services include:
Check how to reset the cPanel password here.
As an improved security measure, it is recommended to set up 2FA for the cPanel account.
If you use Reseller Hosting with us, you can initiate a password reset for your main cPanel account, and your WHM password will be updated automatically as well.
To reset the root password for a VPS server, refer to the following tutorial.
Changing the cPanel account password will also update the password for your main FTP account. However, it is necessary to make sure that passwords for all additional FTP accounts are updated as well. In order to change the password for an additional FTP account, you need to do the following:
- Log into your cPanel account and navigate to the FTP Accounts menu under the Files section.
- Scroll down to the FTP Accounts section, paste a new password and click on the Change Password button next to the corresponding FTP account.
for cPanel paper_lantern theme:
for cPanel x3 theme:
You can find some useful tutorials on how to update Admin passwords for Wordpress, Joomla, Prestashop and WHMCS as examples below:
How to reset WordPress Admin password
How to reset Joomla Admin password
How to reset Prestashop Admin password
How to reset WHMCS Admin password
Make sure that you use strong passwords with special characters in order to avoid unauthorized access to your hosting web space in the future. We recommend to use Password Generators like this one in order to create a complicated, long and reliable password.
For more information on complicated passwords, visit the following link.
The next step is making sure that passwords for all the existing databases are updated and secure as well. This can be done from cPanel > MySQL Databases menu easily.
- Log into your cPanel account and navigate to the MySQL Databases menu.
- Scroll down the window and locate a list of MySQL Usernames under the Current Users section.
- Click on the Change Password button next to the user.
- Next, indicate the new password and click on the Change Password button.
- Log into your cPanel account and navigate to the Email Accounts menu.
- Click on the Manage button next to the email account as shown below.
- Choose a desired password and click on the Change Password button.
Update your CMS along with all the modules/plugins
The next measure is to make sure you are running the most recent version of a CMS and modules/plugins installed for it. It is important to keep your software up-to-date as the newest version contains various security implementations and fixes that helps to avoid security breaches.
In case your CMS was installed using our Softaculous script installer, it is possible to update it in a few clicks right from the Softaculous interface, check the following tutorial for more details.
If you are using one of CMS scripts available in Softaculous, but initial installation was performed in a different way, you can import the installation to Softaculous in order to update it easily then. For more details on how to import installation into Softaculous, check the following tutorial.
If your website is based on a custom and manually developed script, it is recommended to contact a web developer in order to implement additional security features.
Have a fresh backup of your files
Once all the measures are taken, make sure to create an up-to-date backup of your files. This can be easily done by means of an in-built backup tool in cPanel. For more details, feel free to check the following tutorial. You may also wish to configure automatic backup creation in cPanel.
That's it!
             Â
                     Need any help? Contact our HelpDesk
Categories
- cPanel Question 47
- cPanel Software Management 29
- cPanel Tutorials 13
- Development 29
- Domain 13
- General 19
- Linux Helpline (Easy Guide) 156
- Marketing 47
- MySQL Question 13
- News 2
- PHP Configuration 14
- SEO 4
- SEO 42
- Server Administration 84
- SSL Installation 54
- Tips and Tricks 24
- VPS 3
- Web Hosting 44
- Website Security 22
- WHM questions 13
- WordPress 148
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
| Sat | Sun | Mon | Tue | Wed | Thu | Fri |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | ||||||
Recent Articles
-
Posted on : Sep 17
-
Posted on : Sep 10
-
Posted on : Aug 04
-
Posted on : Apr 01
Tags
- ts
- myisam
- vpn
- sql
- process
- kill
- tweak
- server load
- attack
- ddos mitigation
- Knowledge
- layer 7
- ddos
- webmail
- DMARC
- Development
- nginx
- seo vpn
- Hosting Security
- wireguard
- innodb
- exim
- smtp relay
- smtp
- VPS Hosting
- cpulimit
- Plesk
- Comparison
- cpu
- encryption
- WHM
- xampp
- sysstat
- optimize
- cheap vpn
- php-fpm
- mariadb
- apache
- Small Business
- Error
- Networking
- VPS
- SSD Hosting
- Link Building
- centos
- DNS
- optimization
- ubuntu
