Server hacked help Bitcoin readme

monkeyblue

Registered
Nov 19, 2018
United Kingdom
cPanel Access Level
Root Administrator
Hi,

We have just received a down alert for various websites, and when we log into the server all the /home/ packages have been deleted and there is a readme file demanding 1 bitcoin in 24 hours otherwise they will release the information they have on the server to the public.

Does anyone have any advice on steps I should take? I'm currently thinking:

1. Contact data centre to wipe the server
2. Reinstall cPanel
3. Restore backups
4. Check security etc

I assume we will have to report this to the UK ICO, but is there anything else we should look at before carrying out the steps above? I'm puzzled as to how they got access, as SSH is on an alternative port and root SSH is blocked without a sudo user.

Thanks.
 

cPanelLauren

Product Owner II
Staff member
Nov 14, 2017
Houston
I would strongly advise you to contact a system administrator. Just restoring backups may not resolve the issue if you reinstall infected backups. You'd be best off having the file integrity audited by a qualified system administrator to ensure its validity. If you don't have one, you might find one here: System Administration Services
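One way to act on the point about infected backups, as an added example that is not part of the original thread or of cPanel's own tooling: compare the backup you intend to restore against an older one taken before the incident, and review every added or changed file, executable scripts first. The archive layout, the extension list, the helper names and the sample data are assumptions constructed for illustration.

```python
import hashlib
import io
import tarfile

# Assumed list of extensions that can execute on a typical web host; reviewed first.
SCRIPT_EXTS = (".php", ".phtml", ".cgi", ".pl", ".py", ".sh", ".htaccess")

def manifest(archive):
    """Map each regular file in a tar archive to its SHA-256, without extracting to disk."""
    digests = {}
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                digests[member.name] = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
    return digests

def audit(trusted, candidate):
    """Return (status, path) for files added or changed in candidate relative to trusted."""
    old, new = manifest(trusted), manifest(candidate)
    findings = []
    for name, digest in new.items():
        if name not in old:
            findings.append(("added", name))
        elif old[name] != digest:
            findings.append(("changed", name))
    # Executable script types sort to the top, then alphabetical by path.
    findings.sort(key=lambda f: (not f[1].lower().endswith(SCRIPT_EXTS), f[1]))
    return findings

def make_backup(files):
    """Build a constructed in-memory tar.gz standing in for an account backup."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed sample data: a pre-incident backup and the latest backup.
    older = make_backup({"public_html/index.php": b"<?php echo 'hi';", "public_html/logo.png": b"PNG"})
    latest = make_backup({"public_html/index.php": b"<?php echo 'hi'; include 'x.php';",
                          "public_html/logo.png": b"PNG", "public_html/notes.txt": b"n",
                          "public_html/uploads/x.php": b"<?php /* unknown */"})
    for status, path in audit(older, latest):
        print(status, path)
```

On real backups, pass opened archive files (`open(path, "rb")`) instead of the in-memory samples; an empty result only means the two archives match, so the trusted archive must genuinely predate the compromise.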