In this guide, we’ll cover some basic steps to take in the wake of a hack, including isolating your server from the network and making a copy of drives so you can have professionals investigate the nature and extent of the breach. You’ll also learn some best practices for restoring your server from a clean backup, scanning for malware, enforcing new password changes, and implementing changes to prevent future attacks.
Source: Linux Insider