Hi, Cyberpanel Community support. I was in big trouble for a few hours because one of my client sites was hacked today. I don’t know how it happened but it was a big issue for me and for my client. I don’t want to disclose the site link here but I share you the screenshot of the hacked page.
When this site was hacked, whenever I open the site link it always shows the hacked page. I deleted the website from the cyber panel and purge chase from the cyber panel. But, it always shows me the hacked page.
After that, I again create a site in the cyber panel and reupload the site and database then my client site starts normally.
Now I switch on the Under Attack Mode feature of the Cloudflare. I’m afraid of this attack. Do you please help me to check or give me information to secure this site?
If you do not need any data in your server you can reinstall your snapshot from a earlier date or reinstall the OS. I recommend Ubuntu 20.04 LTS or AlmaLinux 8.4
If it is just one site that is affected and you have confirmed this through your security scanners then delete every file under /home/mydomain.com/public_html.
If the customer self-managed this website kindly ask them to pay for a clean up.
Addition to previous post. Use backup time before hacked and change cyperpanel, WP admin, FTP etc… passwords and check there is no any hacker added admin users. Change also site database password and prefix.