My site has been hacked, what are the possible causes and solutions?
How was your website hacked? Here are several possible scenarios:
- If you have your FTP details stored locally on your computer, someone may have stolen them using various Tojan Horses, Spyware, etc. Several times in the past attackers used stolen FTP credentials to successfully pull off large scale attacks.
A solution in this case would be to run a full scan of your computer and change your FTP credentials via the Files > FTP Accounts section of your Web Hosting Control Panel. Also, be careful when you enter login information on public computers.
- Someone used your hosting Control Panel password and hacked your website(s) - this case is quite similar to the one mentioned above and the solution here is an immediate update of the account password, which could be done via the My Account > Update Contact Info > Change Password section.
- If you are using scripts, such as Joomla, WordPress, etc., for the purposes of your website, the site may have been hacked using various methods like database injection, remote file inclusion and many others.
The problem is that all these are open source applications and anybody has access to their code, which allows hackers to find security holes, especially if the applications are not updated regularly and/or different add-ons with unknown origin are installed.
This is a topic that can be widely discussed and there are many materials providing more detailed information that can be found on the Internet.
In case you find your website(s) hacked, we recommend that you cover these few bases:
- Take your site off-line - Take your site off-line temporarily, at least until you know you have fixed things.
- Damage Assessment- It is a good idea to figure out exactly what the hacker(s) were after.
- Were they looking for sensitive information?
- Did they want to gain control of your site for other purposes?
- Look for any files, which have been recently modified or created that you cannot recognize or you haven't edited yourself.
- Check for any suspicious activity inside your Web Hosting Control Panel, such as newly created email accounts, FTP accounts, etc.
- Determine the scope of the problem — do you have other sites that may be affected?
- The absolute best thing to do here is a complete re-installation of all application(s) using a fresh and updated copy acquired from the respective script vendor. It is the only way to be completely sure you have removed everything the hacker may have done.
- After the fresh re-installation, use the latest backup that has been made to restore your site. Do not forget to make sure the backup is clean and free of hacked content too.
- Update any software packages to the latest versions. This includes things such as blogs, content management systems, or any other type of third-party software installed.
- Change your passwords - the application admin password, the hosting account and the FTP passwords.
- Restoring your online presence - Get your site(s) back online and keep an eye on things, as the hacker(s) may try again.