My website has been hacked, what do I do now?

If your web hosting account has been disabled because of a security issue you may be wondering what to do now?

In summary:

  • Remove all files from your hosting account
  • Request account reactivation by contacting support *
  • Clear out database
  • Restore files and database from back-up made before the attack took place
  • Fix the vulnerability (or it will just happen again)

The details:

Once a site has been compromised, you have to treat all files as infected. The hacker could easily have modified any file. You are welcome to make a backup of all the files, but this backup is to be used for reference only; none of these files should make their way back onto the server. If we have disabled the site, control panel access would be locked too and you will have to do this using an FTP client such as FileZilla. If FTP access is also locked, or if you don’t have the details requried to conenct, contact us and we’ll help.

Once that’s done, *if your hosting package has been disabled, let us know and we can request reactivation for you. This will restore the service and access to the hosting control panel.

Often, these attacks alter data stored in the database, which means you’d have to clear that out too. This can be done via “MySQL Databases” under “Web Tools” in the hosting control panel.

Now you can restore both the files and database using a backup which was made before the site was hacked. If you do not have a backup, we can check with our data-centre to see if they have one available. Please note, restoring from such a backup incurs a charge we would have to pass on to you.

At this point, your site should be back to the state it was in before the hack. DON’T STOP THERE! We are not done. Your site is now just as vulnerable to attack as it was when it got hacked. You now have to make sure you update to the latest version of all software, add-ons/extentions/plug-ins and scripts you are using. It would also be a good idea to change any SQL passwords used, since these may have been compromised.

We would also recommend reading the following article on our blog:
Securing WordPress and Joomla! websites