IP Address Hosted on EC2 Hacked, /wp-admin showing Hacker Page, what should i do?

Question

As title says, the wordpress website which was hosted on EC2 is hacked. The freelancer which developed the website for us no longer have the backup files. I want to know is AWS able to restore the backup files? Or is there any other ways to solve this or prevent it from happening?

Answer

Hello.

Do you have any snapshots of EC2 etc. from before the hack occurred?  
If you do not have a snapshot, you cannot restore your data on AWS.

Since wp-admin is easily used for attacks, we usually recommend installing a plugin that changes the URL.  
I think you can use a plugin such as WPS Hide Login to change the URL.  
https://wordpress.org/plugins/wps-hide-login/

Answer

1. Stop the EC2 instance ( you can do this from the console. Do not terminate it yet)
2. Revoke any access keys the instance is using
3. Take a snapshot of the EBS volume
4. Terminate the Instance
5. Create a new volume from the snapshot
6. Create a new instance
7. Mount the newly created EBS volume to your new instance and monitor the logs

IP Address Hosted on EC2 Hacked, <IP_address>/wp-admin showing Hacker Page, what should i do?

相關內容