If you are using Server Guard when your website is under hacker intrusion, you can follow these steps to troubleshoot the problem:
Perform Trojan detection.
Perform Webshell detection.
Check if the website contains illegal pages, is blocked, or inserted with hidden links.
When Server Guard prompts remote logon or hacker logon, check if the server’s source IP addresses are normal.
Normal source IP addresses include the outbound IP addresses in internal personnel’s region, external IP addresses in another region temporarily used to log on to the server, and the IP addresses used to log on the server using VPN and VPS.
If the source IP address is abnormal, change your logon password.
We recommend that you use strong passwords that contain at least 10 characters, and consist of letters in upper and lower cases and special characters.
After that, check if Server Guard still prompts remote logon or hacker logon.
If the intrusion you encounter is not included in the preceding content, we recommend that you open a ticket, describe the issue, provide authentic details, and attach the relevant screenshots. This will help our security engineers to resolve the issue sooner.