How to secure websites from hackers?


Quality Assurance Analyst
Staff member
Oct 2, 2010
somewhere over the rainbow
cPanel Access Level
Root Administrator
Do you know how the account was hacked? If you do not know how it was hacked, it isn't possible to know how to prevent it.

Next, what script(s) was the user using? Were all of those scripts up-to-date?

Did you check the domain's domlogs to see what activity existed on the account?

Normally, accounts are attacked via a security hole in a PHP script that allows passing commands without sanitizing them. If you have register_globals set to "on" for your /usr/local/lib/php.ini (or a custom php.ini on the customer's account), this could pose a high security risk to allow such an issue to happen.

Until we know the exact method for the attack, it isn't possible to provide specific suggestions on how to reduce the future likelihood for it to occur again.


Well-Known Member
Aug 1, 2010
Most of the time it's just bad permissions. Make sure you set permissions to 755 instead of 777 on folders.