This morning I was looking through some sites and found that they had been hacked by the C99Madshell tool thingy.
My current server is with Worldstream with WHM/cPanel. I have 3 cPanel accounts set up in total, and it seems that the 5 sites that have been compromised are on one account. The sites on the other 2 accounts are clean (based on the fact the site: command in Google doesn't return a list of spam pages).
While I'm trying to establish just how deep the hack is and what access the hacker has (I don't know Linux very well, which doesn't help; actually I have no idea), I am concerned that other sites might be subject to an attack on the server.
I have 3 sites that I really care about; the others I'm not so bothered about.
What my plan is:
1) find new UK-based host
2) move important uncompromised sites to new host
3) get current server rebuilt/learn Linux (not sure if a cPanel restore will just reinstall the hack or not; I take monthly backups from the /backup folder)
What I don't want to do is rush into finding a new host without proper research; unfortunately I don't have a choice and need to get the ball rolling now.
So who would you recommend as a good UK host? I'll be looking for a dedi. Currently looking at RapidSwitch.
Wait, what... your server got hacked and you want to move servers?
You just need a reinstall and restore from known clean backups and then harden the server to ensure it doesn't happen again. A few things you need to do boil down to:
- Run PHP in safe mode
- If possible, don't allow PHP to run in folders which are used by your site to upload images (the shell is usually installed by uploading a file like image.png.php and then calling the resulting PHP file)
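
The upload-folder point in the reply above, as an added example that is not part of the original thread: a shell audit that lists files in an image upload directory that could be run as PHP, such as `image.png.php`. It goes one step beyond the reply by also flagging image-named files that contain a PHP opening tag; the function names, the extension list and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit an image upload directory for
# files the web server could run as PHP.

# Files whose last extension is commonly handled as PHP (image.png.php).
# Assumption: this extension list; match it to your server's PHP handlers.
php_named_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -print | sort
}

# Files named like images whose content contains a PHP opening tag.
php_tagged_images() {
    find "$1" -type f \( -iname '*.png' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.gif' \) \
        -exec grep -lF -- '<?php' {} \; | sort
}

# Print labelled findings; return non-zero if anything was found.
audit_uploads() {
    named=$(php_named_files "$1")
    tagged=$(php_tagged_images "$1")
    if [ -n "$named" ]; then
        printf '%s\n' "$named" | sed 's/^/php-extension: /'
    fi
    if [ -n "$tagged" ]; then
        printf '%s\n' "$tagged" | sed 's/^/php-in-image:  /'
    fi
    [ -z "$named$tagged" ]
}

# Constructed sample tree: one clean image and two planted files.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/uploads/gallery"
    printf 'PNGDATA' > "$d/uploads/logo.png"
    printf '<?php /* constructed */ ?>' > "$d/uploads/gallery/image.png.php"
    printf 'GIF89a<?php /* constructed */ ?>' > "$d/uploads/gallery/banner.gif"
    printf '%s\n' "$d/uploads"
}

# With a directory argument, audit it; with none, audit the sample tree.
if [ "$#" -gt 0 ]; then
    audit_uploads "$1"
else
    audit_uploads "$(make_sample_tree)" || true
fi
```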