Hello,

I have several WordPress and HTML sites hosted on a shared server with TSO Host. Recently, they migrated me to a new server platform with cPanel access. However, my website has been hacked for the second time, as someone gained unauthorized access to the cPanel, set up email addresses, and attempted to send thousands of emails. My websites have also been compromised.

I have asked TSO Host if there are any logs that can help me monitor who is logging into what, but they informed me that the only available log is the .lastlogin file, which only records the last week's cPanel logins. There are no logs for other services such as FTP or SMTP. Is this correct?

All my sites, including the mail server folder, appear to be infected with malware files, which is concerning since they continue to be used daily. Any advice would be appreciated. I thought logging wouldn't be limited on a host's webserver.

Thank you.

By default, logging is not limited on a cPanel server. Access logs are available for all cPanel services, including FTP, email, and more.

However, it's important to note that an attacker doesn't necessarily need cPanel access to set up an email account. If you've previously changed all your passwords but the hacking continues to happen, it could be a sign that a script on the account has been compromised, or there is malicious code present somewhere that allows continued access for the attacker. It would be best to contact your host to help you investigate and identify the source of the issue.

I can give you some tips on preventing such problems in the future. Always use only strong passwords, always update plugins and Wordpress itself. It is also possible to use Better WP Security.
Another tip is not to store your password on your computer in the form of files, I mean text files. Try to keep them in your head, i.e. remember them. Check all computers from which you log into the Administration area system for viruses and/or Trojans/keyloggers.
Now the best thing for you is to disable (and delete) all plugins and reinstall Wordpress. To be safe, make a backup copy of all your files.

The likelihood of hаckers guessing your cPanel login can be reduced by using very strong passwords. Strong passwords are at least eight characters long, with a mixture of uppercase and lowercase letters, valid special characters and numbers. To create a strong password, it is recommended to avoid well-known words and important dates.

When installing cPanel, EasyApache 4 is also installed. It is important to check the Apache settings given that the Apache software is open source. One way to enhance Apache/cPanel security is to prevent users from overriding your security features through the directory .htaccess. The default setting from Apache 2.3.9 is to prevent users from doing so, but you can use modules to further improve Apache/cPanel security.

As cPanel interacts with many other programs, firewalls can reduce the likelihood of hаcking through third-party connections. However, caution must be exercised when working with firewalls. Make sure you can always log in to your server again, and get familiar with the ports used by cPanel to avoid inadvertently removing or disabling them.

I can offer you some advice that might be helpful.

1. Update all software: Ensure that your WordPress installation, themes, plugins, and any other software you're using are up to date. Outdated software can contain vulnerabilities that hackers exploit.

2. Strengthen passwords: Use strong, unique passwords for all user accounts associated with your websites, including cPanel, FTP, and email accounts. Consider using a password manager to generate and store complex passwords securely.

3. Enable two-factor authentication (2FA): Implementing 2FA adds an extra layer of security by requiring users to provide additional verification, such as a code sent to their mobile device, when logging in.

4. Scan for malware: Use security plugins or online services to scan your websites for malware. These tools can help identify and remove infected files.

5. Web application firewall (WAF): Consider implementing a WAF to block suspicious traffic and protect against common web attacks. Some security plugins offer built-in WAF functionality.

6. Regularly backup your websites: Make sure to have regular backups of your website's files and database stored securely. In case of a future compromise, you can restore your website to a previously known clean state.

7. Contact your hosting provider: Inform your hosting provider about the hack and malware infection. They might be able to offer assistance, such as scanning for malware or providing more comprehensive logs. Ask them if they have any server-level security measures you can enable.

8. Seek professional help: If you're unable to resolve the issue on your own, consider consulting a cybersecurity professional or a web developer with expertise in website security. They can assess the situation and provide appropriate solutions.

9. Remove unnecessary plugins and themes: Remove any unused or outdated plugins and themes from your WordPress installation. These can introduce vulnerabilities, so it's best to keep only what you need and ensure they're regularly updated.

10. Limit login attempts: Implement a plugin or security measure that limits the number of login attempts allowed. This can thwart automated brute-force attacks that try to guess your login credentials.

11. Secure file permissions: Ensure that file and directory permissions are set correctly on your server. Restrict write access wherever possible to prevent unauthorized modifications to your files.

12. Monitor website activity: Regularly check your website's access logs, traffic patterns, and other metrics for any suspicious activity. This can help you identify potential security breaches and take appropriate actions.

13. Educate yourself and your team: Stay informed about common security threats and best practices for website security. Educate yourself and any team members who have access to your websites to ensure everyone follows security protocols.

14. Consider a dedicated server or virtual private server (VPS): Shared hosting can sometimes be more susceptible to security breaches due to the shared nature of resources. If possible, consider upgrading to a dedicated server or VPS, which provides a higher level of isolation and control.

15. Implement a website firewall: A website firewall can act as an additional layer of security by filtering out malicious traffic before it reaches your server.

Great!
software development company

New information got from this post about what changes happened when website is migrated on the new server internally.
software development company