11/30/2015 – How to Catch Hackers On cPanel
Posted by Jamison on 01 12 2015.
If there’s one thing that every website owner hates, it’s being hacked. Unfortunately, even as we speak, thousands of websites and pages are being exploited and used by cyber criminals to send bulk emails, malicious wares, and other unscrupulous content. What’s more frustrating about this is that most web managers and owners are actually not aware that their sites have been compromised. Read on and discover how you can catch hackers using cPanel.
Check Spam Mails
Most hackers want to penetrate websites so they can send spam mails to the subscription list or followers of the hacked sites. Thus, if you are receiving mail delivery reports in cPanel regarding email addresses that you know nothing about or blocked emails due to red-flagged content reported by remote servers, your site may already be compromised. There could be malicious content or spam email forwarded from your cPanel.
To confirm this, you should go to Email and then to Mail Queue Manager to see what emails are in the Exim queue that are waiting to be forwarded or sent. If there are messages that you are unfamiliar with, sender addresses that you don’t know, or even garbled email addresses, then there is a big chance that you have been hacked.
There is also the Email Trace interface in cPanel, which reports email delivery attempts from your email account and lets you trace email delivery routes. This is very helpful in identifying email delivery issues, and it can also give you a warning if hackers are trying to use your account to send spam mails.
Fix a Hacked Website
- Log into your cPanel. Check the IP address written after the line “Last Login From”. The address should be your own. If you see a different IP address, write it down. Before you panic, you should first determine if the IP address is legitimate or not. If you are using dial-up, your IP address is different each time you log in.
- Enable log archiving in your cPanel. Go to Raw Log Manager and check the Archive Logs box. Once there, remove the check from the box that states “Remove last month’s archived logs”. Click save.
- Bring your website offline. This is important so your visitors will not be affected by whatever malicious software is in your site. Besides, this will also prevent more attacks and damage.
- Inform your web hosting provider. You need to tell your host about your problem and give them the suspicious IP address you got in your cPanel. The company can help rectify the situation.
- Scan site administrator computers for viruses and spyware. Even if you change your password, if the computer is infected, your new password will still get compromised and so will your site.
- After ensuring that site administrator computers are clean, you can change all passwords in emails, databases, FTP and also cPanel accounts.
- Look for security weaknesses and try to resolve and repair them. Check your ASP.NET or PHP code for loopholes. Search your logs to see the places where the suspicious IP address you discovered appears. You may not be able to hunt down the owner or source of the IP address but at least you will know your site’s flaws and how you were attacked.
- Once you have recovered your site, you can get your site back online.
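
The log search from the step on security weaknesses, as an added example that is not part of the original article: it filters access-log lines for one exact client IP and counts which scripts that address requested. It assumes the raw access logs use the Apache "combined" format; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" layout, assumed here to be the format of the raw access logs.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation-range addresses, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [28/Nov/2015:03:10:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.45 - - [28/Nov/2015:03:14:07 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.45 - - [28/Nov/2015:03:14:30 +0000] "POST /admin/upload.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.45 - - [28/Nov/2015:03:15:02 +0000] "GET /uploads/new.php?x=1 HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.4 - - [28/Nov/2015:03:16:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
garbled line that does not parse
203.0.113.45 - - [29/Nov/2015:01:00:00 +0000] "GET /uploads/new.php?x=2 HTTP/1.1" 200 90 "-" "Mozilla/5.0"
""".splitlines()

def hits_from_ip(lines, ip):
    """Return parsed requests whose client address equals `ip` exactly."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # Exact comparison: a substring search for 203.0.113.4 would also hit .45.
        if not m or m.group("ip") != ip:
            continue
        hits.append({
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "method": m.group("method"),
            "path": m.group("path").split("?", 1)[0],  # group by script, drop query
            "status": int(m.group("status")),
        })
    return hits

def summarize(hits):
    """First/last time seen plus a count per (method, path, status)."""
    if not hits:
        return None
    times = [h["time"] for h in hits]
    counts = Counter((h["method"], h["path"], h["status"]) for h in hits)
    return {"first": min(times), "last": max(times), "counts": counts}

if __name__ == "__main__":
    report = summarize(hits_from_ip(SAMPLE_LOG, "203.0.113.45"))
    print(report["first"], "->", report["last"])
    for (method, path, status), n in report["counts"].most_common():
        print(f"{n:4d}  {method:5s} {status}  {path}")
```

For archived logs, decompress them first and pass the file's lines in place of `SAMPLE_LOG`; the first-seen time and the scripts that received POST requests are the places to start reviewing code.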