A few days back our blog QOT got hacked! Someone managed to login as root user into our VPS server and accessed critical areas of cpanel and file manager…
Accessing as root user gives the hacker unlimited access and superuser powers to all critical areas and power to modify and delete any file on your server. Throughout the unauthorized access period, there was no downtime and the site functioned as usual. Though no critical function was compromised, the hacker definitely tweaked some files and log files revealed access to critical server areas.
Thankfully we secure servers with Configserver Security and Firewall (CSF), a powerful Stateful Packet Inspection (SPI) firewall, Login/Intrusion detection and security application for Linux servers, which alerted us of the hacker intrusion and tracked their IP.
Restoring VPS backup
We host our site on Knownhost VPS hosting, and their excellent technical support was super quick to respond, blocked the IP and scanned critical areas for intrusion, file access, file modification, and malware / virus implantation. They advised us to change all passwords immediately for the server, MySQL database and WordPress. Since the site was online and functioning without a glitch, obviously some stealth changes were done to some critical files.
Since Knownhost automatically keeps regular secure backups of all VPS servers, they offered us an entire of array of dates available for VPS backup. Then they quickly and professionally restored the VPS to a previous date without a hitch in under an hour.
Of course it meant a few latest posts and comments will get lost. So we backed up our latest posts manually and reposted them after the server was restored. A few comments on the latest posts and other comments made from the period of VPS backup to the date this happened got lost.
Security Lessons Learnt
- Use very strong passwords – Strong passwords are not good enough. Very strong passwords are needed with long combinations of letters, numbers and symbols – so that even the best password cracking software fails. Also remember to frequently keep changing passwords.
- Beware of public computers – Only login as root from your most trusted computer, as public computers (even office, friends, library PCs) may have keyloggers and other malware. Its easy to pick up your password as you type it.
- Back up daily– any server can be hacked any day. If you have regular latest backups, they you can sleep with peace of mind that your server can be restored easily if anything goes wrong. Regularly backup your MySQL database, or even use WordPress backup services.
- Upgrade and Update – Always keep your WordPress installation and all plugins updated, and new versions also close up security holes. Don’t give hackers a chance.
- Install Server Security Software – your new server usually will not come preinstalled with security software. We have found CSF a very effective server security tool which blocks several intrusion attempts everyday.
- Use a reliable responsive web hosting – I am glad that we are hosted in Knownhost VPS. They have consistently shown expert, knowledgeable and superfast response time (24×7!!) over the last 1 year; and how they do it amazes me everytime. I would recommend Knownhost managed VPS any day.
Any server can be hacked, but you have to stay prepared with back up, keep you security antennae alert and chose a reliable hosting for stress free blogging. So that was our QOT hacking experience and we hope to keep the great content rolling in…