By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

IP Address Hosted on EC2 Hacked, <IP_address>/wp-admin showing Hacker Page, what should i do?

0

As title says, the wordpress website which was hosted on EC2 is hacked. The freelancer which developed the website for us no longer have the backup files. I want to know is AWS able to restore the backup files? Or is there any other ways to solve this or prevent it from happening?

Topics
StorageCompute
Tags
Backup & RecoveryAWS BackupAmazon EC2
Language
English
Marc Mah
asked 7 months ago220 views
2 Answers
0
  1. Stop the EC2 instance ( you can do this from the console. Do not terminate it yet)
  2. Revoke any access keys the instance is using
  3. Take a snapshot of the EBS volume
  4. Terminate the Instance
  5. Create a new volume from the snapshot
  6. Create a new instance
  7. Mount the newly created EBS volume to your new instance and monitor the logs
Dylan Zenner
answered 7 months ago
0

Hello.

Do you have any snapshots of EC2 etc. from before the hack occurred?
If you do not have a snapshot, you cannot restore your data on AWS.

Since wp-admin is easily used for attacks, we usually recommend installing a plugin that changes the URL.
I think you can use a plugin such as WPS Hide Login to change the URL.
https://wordpress.org/plugins/wps-hide-login/

profile picture
EXPERT
Riku_Kobayashi
answered 7 months ago
profile pictureAWS
EXPERT
Didier_Durand
reviewed 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content