Unless you have comprehensive access logs and detection security, it is almost always a waste of time to try and determine how someone is gaining access to a web server. If they have a vague clue about what they are doing, they will cover their tracks.
- Lock down your site. Only use SFTP, SMTP, and SSH to connect to the server remotely. FTP, POP3, IMAP, and Telnet should be disabled. cPanel should only be accessed via HTTPS.
- Make sure the server is up to date with all software - OS, Web Server, PHP, MySQL/MariaDB, etc.
- Change passwords and make sure they are long and secure.
- Use the tools in vBulletin 5 to lock down your AdminCP and ModCP. You can restrict access via IP address in /core/includes/config.php. You can also enable Two-Factor Authentication.
- Update all your passwords and make sure that each service uses a unique password (SFTP, MySQL, SMTP, SSH, cPanel, etc.)
- Make sure vBulletin is up to date.
- Make sure all included .htaccess files are in place. We use these to prevent access to sensitive areas.
- Talk to your host to see if you can CHMOD the files to 0644. That will prevent other users on the server from accessing them.
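As an added example (not part of the post above and not vBulletin's own tooling), a small shell audit for two items on the checklist: files more permissive than 0644, and listeners on the cleartext FTP, Telnet, POP3 and IMAP ports. It assumes GNU find and the `ss -tln` output layout; the function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for two checklist items (constructed names).

# Print regular files under $1 whose mode has any bit outside 0644:
# group/other write or any execute bit (mask 0133). Needs GNU find (-perm /).
files_beyond_0644() {
    find "$1" -type f -perm /0133 -print | sort
}

# Read `ss -tln` output on stdin and print listeners on the cleartext
# service ports named in the post: FTP, Telnet, POP3, IMAP.
cleartext_listeners() {
    awk 'BEGIN { svc[21] = "FTP"; svc[23] = "Telnet"
                 svc[110] = "POP3"; svc[143] = "IMAP" }
         $1 == "LISTEN" {
             n = split($4, part, ":")      # port follows the last colon
             if (part[n] in svc) print svc[part[n]], $4
         }'
}

# Constructed sample of `ss -tln` output, for trying the parser offline.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      32     *:21               *:*
LISTEN 0      100    [::]:143           [::]:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
EOF
}

# Usage: sh audit.sh /path/to/webroot   (path is supplied by the operator)
if [ $# -gt 0 ]; then
    echo "Files more permissive than 0644:"
    files_beyond_0644 "$1"
    echo "Cleartext listeners:"
    ss -tln | cleartext_listeners
fi
```

Files that legitimately need an execute bit will appear in the first list and have to be reviewed by hand.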