- Change your web hosting password.
- Change your SSH / root login username (if possible) and password.
- Change your FTP username (if possible) and password.
- If you changed your FTP username, chown the files to the new user through SSH by typing
chown -R username:usergroup YOUR_WEB_PATH. If you don’t know the usergroup, check out the current files by typing,
ls -la YOUR_WEB_PATH
- Change your permissions to the lowest number to allow your website to still work, this might be 444, 644, 655, 744, or 755.
chmod -R 755 YOUR_WEB_PATH
- make sure there are no authorized keys found in your
ls ~/.ss, and then
rm authorized_keysif it is there unless of course you use that for authentication. Authorized keys allows you to ssh without a username and a password, because you put your id on your computer and on the server.
- (tip via friend, Grant Wood There is a linux service called, “aide” that can email you when files are changed, but that is fairly intense to setup.
- (tip from friend) Check your log files in /var/log to make sure there is no unauthorized connections that you haven’t made.
- Update your php.ini file with better PHP settings.
- Upgrade any installed CMS or web-based software.