Knowledgebase
My Website has been hacked
Posted by Nick Akam on 2014-08-21 13:46:52 PM

This article outlines what steps to take if your website has been hacked.

Websites being compromised is becoming more and more of a problem. This is always caused by one of the two following reasons:

  1. Running insecure scripts, such as unsecured Wordpress installations, Joomla, and other content management systems, or custom code that is insecure.
     
  2. Having passwords (cPanel or FTP) saved on compromised PC's (that have been infected with malware or keyloggers etc).

The most common reason is number 1, insecure PHP scripts. What most website owners fail to realise is that as a webhost, we provide you with the ability to run any PHP code you want - it's *your* responsibility to ensure it's secure. This means don't go blindly installing Wordpress plugins and themes, CMS systems and so on without ensuring the code is up to date, secure, and maintained by it's authors. Hundreds, if not thousands of vulnerabilities are discovered in these CMS scripts every year, keeping everything up to date is absolutely critical if you want your site to stay safe.

Passwords on compromised PC's is the other scenario than can result in a hacked website. Most malware in circulation has the ability to read the password files of common FTP clients, and saved passwords in browsers, meaning a complete account compromise would be possible. This also extends to email clients - so compromised PC's are the number one reason email accounts are compromised, and then used to send spam, looking like it's coming from your account.

If your site has been hacked, here are your options:

- Delete all infected files, and re-upload from your backups.

- We can roll back the account to 1-4 days ago. The cost for this is £30+VAT to cover the time in dealing with it. PLEASE NOTE: If we do this, and you take no further action to secure your scripts/PC, whichever exploit method was used to compromise/hack the account in the first place WILL happen again and you'll be back to square one.

- We can attempt a manual cleanup. There is a flat fee of £150+VAT for this service, as it takes several hours to complete, and manually go through every PHP file and folder on your account.

General Recommendations

  1. Make sure your scripts are ALWAYS kept up to date. Subscribe to mailing lists run by the authors of your scripts/software so you know when there are updates available
  2. If using Wordpress, we HIGHLY recommend you install a security plugin, such as https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ and enable as many security options as you possibly can.
  3. Commercial templates are a common source of PHP exploits - check what you're installing and the history of that product from a security point of view before installing it.
  4. Keep your PC clean - always run the latest antivirus, and keep it up to date with the latest definitions. Don't download and install unknown programs. If popups ask you to install unknown software to view content, click no.
(3 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).