My website has been hacked, what do I do?
Added: 10.03.2014 23:26:29 Last updated: 08.10.2016 01:34:46
Unfortunately, we regularly see websites being hacked. Generally this will be due to customers not having followed the steps in the guide How to secure your website against hacking attacks. Should it occur anyway, you should follow these steps:
- Notify PRO ISP
If you have discovered that someone has placed something on your website that you do not recognize as your own, or if your browser displays a message saying that your website can be harmful, you should contact support immediately, unless PRO ISP is already involved in the incident.
Your web hosting account will be suspended while we investigate it. Unfortunately, this has to be done in order to ensure that the server is not subjected to attacks through your account.
- Await PRO ISP's investigation of the attack
Once our technicians have investigated the incident, the following will have been done:
- files containing suspicious code discovered by a scanner will automatically have been deleted for you
- we will have determined the timing of the attack in our internal systems
- if the attack did not take place too long ago, we will be able to see how it occurred (the logs may have been rotated, in which case we will not have enough information to determine how it happened)
- you will have received an email containing information about the attack (this information may come through the case in our support system, if you notified us there)
- you will have received an email informing you that you may reopen your web hosting account
- Open your web hosting account
Log in to the customer pages of our website and reopen your account. Before you do this, it is important that you set aside the time to secure your website. If you do not follow the points below, you will most likely get hacked again within a short time, which will incur additional costs if our technicians can determine that the points were not implemented before you got hacked again. More information on this is found on the page where you reopen your website.
- Set new passwords
You should set new passwords for all services connected to the web hosting instance. These include:
- cPanel user
- FTP accounts
- email accounts
- database users (remember to update the configuration for scripts that use the logins for which you are changing the passwords)
- users in scripts (especially the ones that have access to uploading files)
- Delete and restore
Hacking attacks have become so extensive that in most cases it will be necessary to delete everything in the affected script folder and then restore the contents from before the hacking attack took place. Before deleting the contents, you should make sure that you have a backup from before the time of the hacking attack. It is important that you perform a deletion before doing a restore, because hackers will place files and folders that would otherwise linger, so you could continue to get hacked. You can check for backups and restore contents by following the guide Restoring from a web hosting backup.
If the hacking attack took place before the last backup was made, we recommend that you start out with a clean installation of the script you are using, and then try to add the data. Should you choose to clean the hacked script instead, it is vital that you look over all of the files and folders for suspicious code in order to prevent a repeat attack. You must be very skilled in coding and script configuration to be able to clean the hacked script in a satisfactory manner.
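Why the deletion has to come before the restore, as an added example that is not part of the original guide: the shell functions below compare the affected script folder with an extracted pre-attack backup and list the files that exist only in the live folder, which a restore on top would leave in place. The folder layout and file names are constructed sample data, and `build_sample`, `list_files`, `lingering_files` and `changed_files` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Paths and file names are constructed sample data.

# Build a constructed sample: a pre-attack backup and a live script folder.
build_sample() {
    mkdir -p "$1/backup/uploads" "$1/live/uploads"
    printf 'home\n'   > "$1/backup/index.php"
    printf 'config\n' > "$1/backup/config.php"
    printf 'logo\n'   > "$1/backup/uploads/logo.png"
    cp -R "$1/backup/." "$1/live/"
    printf 'extra line\n'  >> "$1/live/index.php"         # changed after the backup
    printf 'placeholder\n' >  "$1/live/uploads/cache.php" # absent from the backup
}

# Sorted list of regular files below a folder, relative to that folder.
list_files() {
    (cd "$1" && find . -type f | LC_ALL=C sort)
}

# Files only in the live folder: a restore on top never touches these.
lingering_files() {
    a=$(mktemp) || return 1
    b=$(mktemp) || return 1
    list_files "$1" > "$a"
    list_files "$2" > "$b"
    LC_ALL=C comm -23 "$a" "$b"   # lines unique to the live listing
    rm -f "$a" "$b"
}

# Files in both folders whose contents differ: a restore overwrites these.
changed_files() {
    list_files "$2" | while IFS= read -r f; do
        [ -f "$1/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# Demo on the constructed sample.
demo=$(mktemp -d)
build_sample "$demo"
echo "Left behind by a restore without prior deletion:"
lingering_files "$demo/live" "$demo/backup"
echo "Overwritten by the restore:"
changed_files "$demo/live" "$demo/backup"
rm -rf "$demo"
```

The comparison is line-based, so file names containing newlines are not handled.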
- Secure the website
Follow the guide How to secure your website against hacking attacks to the letter. Securing a website is a continuous task. If you follow the points in the guide, you will most likely never get hacked again.