Exploited or Hacked VPS: What You Need to Know
An exploited or hacked Virtual Private Server (VPS) is one that’s no longer fully under your control. If your VPS is compromised, someone else could be using it for their own purposes. Common reasons for exploiting a VPS include:
- Sending spam emails
- Launching attacks against other servers, consuming your CPU, memory, and bandwidth
- Installing phishing websites to steal sensitive information
Common Ways VPS Gets Compromised
There are two primary ways your VPS may be exploited:
Password Guessing: Hackers may guess or crack a password for a user account, such as for email, FTP, or SSH access.
Security Vulnerabilities in Web Applications: Hackers may exploit a security flaw in web applications (like WordPress, Joomla, or Drupal) or their plugins/add-ons.
How to Detect if Your VPS Has Been Exploited
Often, users don’t realize their VPS has been compromised until they’re notified by the abuse department of their hosting provider. To avoid delays in identifying a breach, regularly check your VPS log files.
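One way to run that log check for the SSH password-guessing case described above. This is an added example, not code from the original article; the log lines are constructed samples in the standard OpenSSH syslog format, and the function name and the threshold of 3 failures are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the standard OpenSSH syslog format (documentation IPs).
SAMPLE_LOG = """\
Mar  3 02:14:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 vps sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Mar  3 02:14:05 vps sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 02:14:09 vps sshd[815]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Mar  3 08:30:12 vps sshd[990]: Failed password for deploy from 198.51.100.20 port 51822 ssh2
Mar  3 08:30:20 vps sshd[990]: Accepted publickey for deploy from 198.51.100.20 port 51822 ssh2
Mar  3 09:02:44 vps sshd[1021]: Failed password for invalid user test from 192.0.2.99 port 33010 ssh2
Mar  3 09:02:46 vps sshd[1021]: Failed password for invalid user oracle from 192.0.2.99 port 33015 ssh2
Mar  3 09:02:49 vps sshd[1023]: Failed password for invalid user git from 192.0.2.99 port 33021 ssh2
"""

# Matches sshd authentication results, with or without the "invalid user" prefix.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def review_auth_log(text, threshold=3):
    """Return (guessing, breached): IPs with >= threshold failures, and
    logins accepted from an IP that had already reached the threshold."""
    failures = defaultdict(int)
    breached = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd authentication event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success right after a run of failures suggests a guessed password.
            breached.append((ip, m["user"], failures[ip]))
    guessing = {ip: n for ip, n in failures.items() if n >= threshold}
    return guessing, breached

if __name__ == "__main__":
    guessing, breached = review_auth_log(SAMPLE_LOG)
    for ip, n in sorted(guessing.items()):
        print(f"{ip}: {n} failed logins")
    for ip, user, n in breached:
        print(f"REVIEW: {user} logged in from {ip} after {n} failures")
```

On a real VPS, pass in the contents of the SSH authentication log, typically /var/log/auth.log on Debian and Ubuntu or /var/log/secure on RHEL-family systems. An entry in the second list is the one to investigate first, since it shows a successful login from an address that had been guessing.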
How to Prevent Your VPS from Being Hacked
A. Use Strong Passwords
Ensure that all your accounts (Client Area, VPS, control panels, etc.) have strong, unique passwords. The stronger the password, the better the protection. Use a password generator to create passwords that combine lowercase and uppercase letters, numbers, and symbols.
B. Use Secure Protocols
When connecting to your services, always prefer secure connections. For example, use SSL for email, and use SFTP instead of the standard FTP protocol.
C. Maintain Regular Backups
Back up your data regularly. If your service becomes compromised, it's crucial to restore from a clean, known-good backup rather than a potentially compromised one.
D. Harden Your PHP Settings
Make changes to your PHP configuration (php.ini file) to boost security. Recommended settings include:
- Enable Safe Mode (the safe_mode directive exists only in PHP releases before 5.4, where it was removed)
- Disable allow_url_fopen
- Increase security with PHPSecInfo
E. Secure Third-Party Applications
If you're using third-party software like WordPress, Drupal, or Joomla, or relying on plugins, keep these points in mind:
Choose reputable software with a strong security track record and regular updates to patch security holes.
Regularly update your software. Subscribe to RSS feeds or security bulletins so that you hear about new vulnerabilities as they are announced.
What to Do if Your VPS Gets Hacked
1. Back Up Your Data: Make sure to back up your domains and services, but be aware that your backup may contain compromised scripts. Avoid restoring from this backup directly.
2. Take Your Site Offline: Temporarily take your website offline or display an "Under Construction" page to prevent hacked pages from being served to visitors.
3. Assess the Damage: Determine the scope of the compromise. Is it affecting just one domain, or multiple domains on your VPS?
4. Recover Your System: Reinstall your environment from a known clean source to ensure all compromised components are removed.
5. Restore Your Websites: Once you've cleaned up and secured your VPS, begin the process of restoring your websites from a known safe backup.
Helpful Resources
Consider joining online communities dedicated to fighting badware and phishing:
- Stop Badware
- Anti-Phishing Working Group
- PhishTank