Login Get Started
Hostxpeed
Login Get Started →
Security

How to Respond to Security Breach

8 min read
33 views
Jun 12, 2026

Step 1: Isolate the Server

# Disconnect from network (via control panel or)
sudo ifconfig eth0 down

Step 2: Preserve Evidence

sudo tar -czf /tmp/forensics.tar.gz /var/log
sudo cp /tmp/forensics.tar.gz /safe/location/

Step 3: Analyze Logs for Entry Point

sudo grep -r "Accepted password" /var/log/auth.log*
sudo journalctl --since "1 day ago" | grep -i error

Step 4: Change All Passwords and Keys

sudo passwd root
sudo passwd username
# Regenerate SSH keys

Step 5: Scan for Malware/Backdoors

sudo clamscan -r /
sudo rkhunter --check

Step 6: Rebuild if Necessary

# Export essential data
# Reinstall OS from Hostxpeed control panel

Step 7: Notify Affected Parties

Email users, reset API tokens, inform support.

Do not assume full cleanup is possible. Often rebuilding is safest.

Was this article helpful?