What to Do If Your Account Has Been Compromised
If you suspect your dotCanada hosting account has been accessed without your authorization - whether through a hacked cPanel, a stolen FTP password, or a compromised email account - take the following steps immediately.
Step 1: Contact dotCanada Support
Your first call should be to us. Contact our support team right away and let us know what you've observed. We can review server logs to identify unauthorized access, temporarily lock the account if needed, and help you begin the recovery process.
Step 2: Change All Passwords - Immediately
Change every password associated with your account:
- cPanel main password
- All FTP / SFTP account passwords
- All database user passwords
- All email account passwords
- Your CMS admin password (WordPress, Joomla, etc.)
- The password for your dotCanada client area account
Step 3: Enable Two-Factor Authentication
If 2FA wasn't enabled before, enable it now on cPanel under Security › Two-Factor Authentication. This prevents future unauthorized logins even if your password is compromised again.
Step 4: Review and Revoke Access
- Check for any FTP accounts, cPanel sub-accounts, or email forwarders you didn't create and remove them.
- Review SSH authorized keys if you use SSH access.
Step 5: Scan and Clean
Run a full malware scan on your files and database. Attackers often plant backdoor scripts to maintain access even after passwords are changed. Restore from a clean JetBackup backup if possible.
Step 6: Update and Harden
Update all software, review file permissions, and enable ModSecurity. Implement the steps in our Website Security Checklist going forward.
100% Satisfaction Guarantee
We're so confident you'll love dotCanada that we offer a 30-day money-back guarantee. Not satisfied? Get a full refund, no questions asked.
Ready to Get Started?
Join thousands of Canadian website owners who trust dotCanada for reliable, fast web hosting.
Get Started Today