The most common reasons for a hacked (defaced) website include:
– Outdated web application.
Every popular web application (Joomla, WordPress, PhpBB…) has had security problems and that’s why you have to use always the latest version.
– Outdated web application extension.
If you have installed any third-party extensions, you have to keep them up-to-date just as you keep your main web application. Very often users neglect this fact and outdated extensions become easily exploited by intruders.
– Weak user/administrator passwords.
You must ensure that all users have strong passwords, especially the admin and the ones who can create content for your site. For this reason, make sure to have updated antivirus software and scan your computer for viruses regularly.
Please be sure that if your website has been hacked, it is not linked to server safety. Our servers have advanced security modules (such as Apache mod_security, Suhosin PHP hardening, PHP open_basedir protection and others). Which would most likely show, that the issue would lie in your website.
What do I do if my Website is Hacked?
There are lots of various types of website hacks. Hacks can be malicious such as placing a virus on your website that your visitors may get. The hacks can also just change the text on your front page. It is extremely important to determine the hacking of your website, how it was hacked, and then how to restore the site to its status prior to the back.
Has my website been hacked?
Some website hacking is obvious, while others are more subtle. Signs that your website has been hacked:
- The front page is “defaced.” When you visit your website, instead of your page there is a completely different page. Often these pages will have a “hacked by….” message on them.
- No longer able to log in to any of your admin pages. This happens when you are having trouble logging into your CMS administrator login and your cPanel. So, it is possible that the hacking on your site was successful and the passwords were changed.
- Get a Google Warning when visiting your website. Google would scan all websites for malicious coding. When you visit your site through a Google search or in Firefox/Chrome it will display a red warning page.
- The computer anti-virus software warns you when you visit your website. There is a virus or trojan that your website is attempting to install on your computer if your anti-virus warns you about it.
- A page that previously loaded now suddenly unable to load. This is less common. However, it could happen where a hacker has modified for example a database on your website that made the site no longer function properly. In this case, you may get a “can not connect to database” or similar message when loading a page.
How do I scan my site for Malware?
How was my website hacked?
The more common methods used to hack websites include:
- Hacked cPanel or FTP password
- Code injection – http://en.wikipedia.org/wiki/Code_injection
- Remote File Inclusion – http://en.wikipedia.org/wiki/Remote_File_Inclusion
If your password has been hacked, generally this will lead to your front page being “defaced”. This is because the hackers will upload their own index page. If you use software such as WordPress, ZenCart, or other programs, often time the hacks are done through an exploit in those programs. In many cases, if you use a CMS program the database will be hacked as well and you will need to restore it.
How do I fix my website that is hacked?
It is difficult to give an exact method to resolve a hacking issue. This is due to there are many different types of website hacks. However, you can correct your website by:
- Restoring the backup of your website. The easiest way is to restore your site from a version that you saved prior to the site being hacked. If you have the automated backup service, you will need to restore your own backup of your website. You can do this through the cPanel.
- Removing the coding from the .htaccess file. Often, if the code injection has hacked the site, you will see a “re-direct” in your .htaccess file in your public_html folder. Then, open your .htaccess file and look for any lines of coding that look suspicious. After that, delete the suspicious lines of coding, and then save your changes.
What should I do to prevent my site from being hacked?
Depending on the cause of the hack, there are some actions you can take to help prevent hacks in the future, which are by:
- Updating Software/Plugins: If you are running a CMS, such as Joomla, WordPress, or Drupal, I recommend checking to make sure you updated it and any plugins/Addons as security exploits may have been fixed by the developers. You can update most programs from Softaculous, but plugins/themes will differ in how they are updated. Therefore, I recommend following the developer’s instructions.
- Changing any passwords for your account. We recommend it to always be your first step. In case your passwords were compromised, change your cPanel password, any FTP account passwords. If you use WordPress or a CMS change that password as well.
- Updating Programs running on your hosting account. If you use third-party software to build your sites, such as WordPress or Joomla, make sure you are using the most up to date version. This is because the security exploits may have been fixed by the developers.
- Updating Programs running on your computer. Hackers are able to access data on your computer. Through some programs, such as Adobe’s Flash, which include vulnerabilities, they can do this easily. They then sniff around and find data, such as FTP usernames and passwords that are in some programs. Be sure that you keep all of your software up to date. This is because most developers often release security patches.