This article describes steps to help clean up and protect an Ektron site that may have been breached in a security attack.
When safeguarding your site, make sure that the following are reviewed and performed.
- Run Security Configurator. For more information on Security, please click here. For version-specific information on the Security module, please review here.
- Update to the latest CMS version and fix, as security issues are addressed in them. These can be found here. If you see other signs of being compromised, take the additional steps below.
- Compare the site files with a min site and an older backup. Note any customizations and any files that do not belong in Ektron. How to install a min site is described here.
- Monitor network traffic for suspicious IPs and block them at the network level. You could use Wireshark or another tracing tool. Here is more information on IP Restrictions.
- Remove any unusual files that are not part of Ektron or your customizations. A bot may still exist on the system post update.
- Review the users tables for unknown users and for last logins around the event times. Remove and update passwords on affected accounts.
- You can use Process Monitor tools to see if there is a bot or service running on the system.
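
One way to carry out the site file comparison step above is to hash every file in the live site and in a clean baseline (a freshly installed min site or an older backup) and list what differs. This is an added example, not Ektron tooling; the function names, folder names and sample files are assumptions constructed for illustration, and known customizations will appear in the output and need to be reconciled by hand.

```powershell
# Added example: function names and sample paths are assumptions, not Ektron tooling.
function Get-TreeHashes {
    param([Parameter(Mandatory)][string]$Root)
    $rootPath = (Resolve-Path -LiteralPath $Root).ProviderPath.TrimEnd('\', '/')
    $map = @{}   # relative path -> SHA-256 + timestamp (keys are case-insensitive)
    Get-ChildItem -LiteralPath $rootPath -Recurse -File -Force | ForEach-Object {
        $rel = $_.FullName.Substring($rootPath.Length + 1)
        $map[$rel] = [pscustomobject]@{
            Hash          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            LastWriteTime = $_.LastWriteTime
        }
    }
    $map
}

function Compare-SiteToBaseline {
    param(
        [Parameter(Mandatory)][string]$BaselinePath,  # clean min site or older backup
        [Parameter(Mandatory)][string]$LivePath       # site under review
    )
    $base = Get-TreeHashes -Root $BaselinePath
    $live = Get-TreeHashes -Root $LivePath
    foreach ($rel in ($live.Keys | Sort-Object)) {
        $status = $null
        if (-not $base.ContainsKey($rel)) { $status = 'NotInBaseline' }
        elseif ($base[$rel].Hash -ne $live[$rel].Hash) { $status = 'Modified' }
        if ($status) {
            [pscustomobject]@{ Status = $status; Path = $rel; LastWriteTime = $live[$rel].LastWriteTime }
        }
    }
    foreach ($rel in ($base.Keys | Sort-Object)) {
        if (-not $live.ContainsKey($rel)) {
            [pscustomobject]@{ Status = 'MissingFromLive'; Path = $rel; LastWriteTime = $null }
        }
    }
}

# Constructed sample trees so the example runs offline; replace with your real paths.
$tmp = Join-Path ([IO.Path]::GetTempPath()) ("sitecmp-" + [guid]::NewGuid())
$b = (New-Item -ItemType Directory -Path (Join-Path $tmp 'baseline\pages') -Force).FullName
$l = (New-Item -ItemType Directory -Path (Join-Path $tmp 'live\pages') -Force).FullName
Set-Content -Path (Join-Path $b 'login.aspx') -Value 'original'
Set-Content -Path (Join-Path $l 'login.aspx') -Value 'original plus an unexpected line'
Set-Content -Path (Join-Path $l 'x.aspx') -Value 'file with no counterpart in the baseline'
Compare-SiteToBaseline -BaselinePath (Join-Path $tmp 'baseline') -LivePath (Join-Path $tmp 'live') |
    Format-Table -AutoSize
Remove-Item -LiteralPath $tmp -Recurse -Force
```

The `LastWriteTime` column helps line up unexpected or modified files with the event times used when reviewing last logins.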