My Website has been hacked
Posted by Nick Akam on 2014-08-21 13:46:52 PM
This article outlines what steps to take if your website has been hacked.
Websites being compromised is becoming more and more of a problem. This is always caused by one of the two following reasons:
The most common reason is number 1, insecure PHP scripts. What most website owners fail to realise is that as a webhost, we provide you with the ability to run any PHP code you want - it's *your* responsibility to ensure it's secure. This means don't go blindly installing Wordpress plugins and themes, CMS systems and so on without ensuring the code is up to date, secure, and maintained by it's authors. Hundreds, if not thousands of vulnerabilities are discovered in these CMS scripts every year, keeping everything up to date is absolutely critical if you want your site to stay safe.
Passwords on compromised PC's is the other scenario than can result in a hacked website. Most malware in circulation has the ability to read the password files of common FTP clients, and saved passwords in browsers, meaning a complete account compromise would be possible. This also extends to email clients - so compromised PC's are the number one reason email accounts are compromised, and then used to send spam, looking like it's coming from your account.
If your site has been hacked, here are your options:
- Delete all infected files, and re-upload from your backups.
- We can roll back the account to 1-4 days ago. The cost for this is £30+VAT to cover the time in dealing with it. PLEASE NOTE: If we do this, and you take no further action to secure your scripts/PC, whichever exploit method was used to compromise/hack the account in the first place WILL happen again and you'll be back to square one.
- We can attempt a manual cleanup. There is a flat fee of £150+VAT for this service, as it takes several hours to complete, and manually go through every PHP file and folder on your account.