Hello there!
I have an unpleasant experience to share where a customer has reported that their websites are not opening. Upon inspection, it was discovered that there are strange and encrypted files in all directories with sites. I reached out to support with an example of a site that encountered issues, but received unhelpful responses.

It is worth noting that some of the sites are simple html pages, while others use a self-written engine that only displays content. I am now searching for third-party backups and solutions for rolling and restoring the affected sites.

To avoid putting all the sites in one place, it is necessary to distribute them to different accounts. It would be useful to purchase a VDS and create a clear distinction between the sites for easier monitoring and detection of any issues.
Ensuring the separation of accounts is essential for preventing data loss or breaches. By utilizing a VDS, website owners can take charge of their sites' security and strengthen their online presence.

Instead of merging the client, consider hosting it on your server and charging a yearly subscription fee. This way, you have control over security issues such as managing updates to the CMS.

By proactively addressing holes on the server, website owners can prevent potential attacks and data breaches. It is important to constantly monitor and secure the server to protect sensitive information and maintain website functionality.

 

Investing in a reliable server and taking preventative measures to improve security will not only protect your website but also ensure the satisfaction of your clients.

In case of a hacked website, it is crucial to take immediate action by deleting any unknown files and restoring an uninfected backup of the site. If a backup is not available, you can reach out to technical support for assistance in restoring your hosting account.

Changing all passwords related to the site is also necessary, including cPanel and FTP access. It is recommended to update all software, plugins, and extensions used in the site and disable any unused ones.

To prevent future breaches, consider setting an additional password for the admin folder of your CMS. It is also advisable to check your computer's anti-virus program to ensure that web, FTP, and mail passwords are secure.

Regularly scanning your website for viruses using the available tools in the hosting control panel or free antivirus programs is also recommended. By taking these proactive steps, website owners can secure their sites and protect both themselves and their customers from potential harm.

Here are some steps you can consider:

1. Isolate the affected sites: Ensure that the compromised websites are taken offline to prevent any further harm.

2. Assess the extent of the compromise: Analyze the encrypted files, understand their nature, and try to determine the source of the compromise. This may involve inspecting server logs, checking file timestamps, or seeking assistance from cybersecurity professionals, if needed.

3. Notify your customers: Inform the affected site owners about the compromise and explain the steps you are taking to address the issue. Transparency and communication are key during such incidents.

4. Scan your environment for vulnerabilities: Regularly scan your systems and applications to identify any potential vulnerabilities that could have led to the compromise. Update all software and plugins to their latest versions, as new releases usually include security patches.

5. Restore from backups: If you have recent and clean backups, restoring from them can help get the affected sites back up and running quickly. Be sure to investigate how the compromise occurred initially to avoid repeating the same mistake.

6. Strengthen security measures: After restoring the sites, implement additional security measures to prevent future compromises. This may include regularly updating software, using strong passwords, enabling two-factor authentication, and considering a web application firewall (WAF).

7. Consider professional assistance: If you're unsure about the best course of action or lack the expertise to handle the situation, it may be wise to consult with cybersecurity professionals who specialize in website security.

8. Conduct a thorough malware scan: Use reputable malware scanning tools to scan your websites and server for any remaining malware or compromised files. Remove any malicious code or files identified during the scan.

9. Harden server and website configurations: Review and update server configurations, ensuring that unnecessary services or features are disabled. Implement secure file permissions, tighten access controls, and restrict network access to minimize the attack surface.

10. Implement strong passwords and user access controls: Enforce strong password policies for all users, including site administrators and contributors. Limit user access privileges to only what is necessary for them to perform their tasks.

11. Educate yourself and your customers: Stay informed about the latest threats and vulnerabilities in web security. Educate your customers on best practices for maintaining the security of their websites, such as regularly updating software and plugins, using secure passwords, and avoiding suspicious downloads.

12. Monitor for future incidents: Set up a system to monitor your websites and servers for any unusual activity or signs of compromise. This can include implementing intrusion detection systems (IDS) or security plugins that alert you to potential threats.

13. Document the incident: Maintain detailed documentation of the entire incident, including the steps taken to investigate, mitigate, and recover from the compromise. This will help you analyze the incident later and improve your security measures.

14. Consider engaging a cybersecurity provider: If you continually face security challenges or lack the resources to handle them internally, partnering with a cybersecurity provider can provide ongoing monitoring, threat intelligence, and incident response support.