An account is considered pirated (or hacked) when an unauthorized individual (or automated software, such as a virus) has compromised its security measures in order to retrieve information, deface/alter its contents, or use it as a platform for further attacks.
Why would someone want to hack my web site?
While every case is different, there are many different reasons why someone would want to hack your website:
- To install viruses or malware so that they may spread quickly to other users
- To send spam
- To collect sensitive information for unsuspecting users (often referred to as phishing)
- Because they can, or to prove they are competent hackers
- To purposely disrupt your specific business/ organization - although this is the rarest of cases
It may be useful to note that in most cases, websites are hacked or exploited by automated scripts running on other compromised servers on the Internet.
How did my account get hacked?
There are normally two ways this might have happened:
-
Your password was compromised. It may have been guessed (password was too easy), used by someone you trust, stolen from your computer (often by an automated virus or through an unencrypted network connection). This could be your cPanel password, your Client Area password, FTP password, or your custom software's Admin password.
- Your web site contained scripts or web applications that had security vulnerabilities which were taken advantage of, allowing the hacker to gain control of your account. This is particularly common with Joomla, Wordpress, and phpBB applications when they're not up to date.
How do I know if my account has been hacked?
Sometimes a hacker will boldly display the fact that your site was hacked on your main website. Otherwise, it can be much harder to detect that your site has been hacked. Hacked websites may:
-
Inject code in your web page's HTML code that installs fly-by viruses or malware that infects your web site's visitor. Infected sites will generally be blocked by certain web browsers and search engines in order to limit the spread of the virus. This will evidently cause substantial loss of traffic to your website.
- Contain visibly pirated web pages (with links and images that are not yours).
- Contain an exact replica of some other site (called phishing).
- Send spam emails from your account.
- Install scripts that may remotely attack other websites or attempt to damage and further compromise the server.
Our servers are regularly scanned and monitored for suspicious activity, and we may alert you by email if we believe your account has been compromised. In some extreme cases, it is possible that we might have to suspend your account to prevent even more serious problems on the server.
Other ways of detecting possible issues with your website are:
- Check your site for Malware with Sitelock.
- Inspect the files and folders in your website with the tool of your choice (FTP, File Manager, etc), and pay particular attention to files you don't recognize.
- If you are using software such as Wordpress, Joomla or other CMS, ensure there aren't other authorized administrators on your account
If you suspect a hack but don't see any evidence of it, we encourage you to change all of your passwords and contact our Support team to request a free malware scan or a Premium Security Audit.
What Should I Do If My Web Hosting Account Has Been Hacked?
Once an account is confirmed to be hacked, several important steps need to be taken:
- Act quickly - waiting for more than 24 hours after a hacking incident may seriously hamper your ability to recover your website.
- If you are not the person who manages your web site, immediately contact the person in charge of your website and inform them of the problem
- Run a complete anti-virus scan of your computer and any other computers that had access to your web hosting account in the past, with an up-to-date antivirus.
- Request that your account be restored from a clean backup. Depending on the nature of the hacking incident, restoring a clean backup can be a helpful free alternative but (a) requires you to have a clean backup available and (b) may cause you to lose some data if the backup is not very recent. Contact our support team for further assistance.
- By now your site is hopefully restored to a functional state and you are ready to address the security issues that initially allowed the security incident to occur in the first place. It is generally best to assume that any sensitive content on your hosting account (including emails, database passwords) have already been compromised, so you may wish to react accordingly. Start by changing all your passwords, including:
- Client Area - Login to the Client Area and click on Profile > Change Password
- cPanel - Login to the Client Area and click on My Services > (if you have more than one service, View Details of affected service) > Change cPanel Password
- Email Accounts - From the cPanel, under Email Accounts (scroll to the bottom and select Change Password on the right next to an email)
- Additional FTP Accounts - From the cPanel, under FTP Accounts
- Database Users - From the cPanel, under MySQL Databases. You'll need to create a new database user, grant him the necessary permissions to your existing database, then remove the previous database user.
- Any Admin users for your Wordpress, Joomla, or other PHP software you run on your site.
- Update any software you have installed on the server, including their core, plugins, themes, and extensions. This should be done with the person or people that have built your website in order to ensure nothing breaks
- Delete any old installations you may have installed and forgotten about, as they pose potential security threats.
- We have also compiled several Wordpress and Joomla-specific tips:
For Wordpress Sites:- Update your wp-config.php file in your Wordpress root directory with the new database password.
- Still in the wp-config.php file, change all your security keys to ensure cached active sessions are not permitted to connect with logging in again. You can use this tool to generate new ones.
- Change all your Admin user's passwords
- We recommend installing the free WordFence security plugin for added protection. You'll find this through a search from the Wordpress plugins section.
- Update your core Wordpress version, all plug-ins, themes, and modules.
- Read more about hardening your Wordpress installation here: http://codex.wordpress.org/Hardening_WordPress
For Joomla Sites- Update your configuration.php file in your Joomla root directory with the new database password
- Update your Joomla core and other extensions to the latest available versions
- Change all your Admin user's passwords
- Complete the Joomla security checklist: http://docs.joomla.org/Security_Checklist/Joomla!_Setup
- Read more about Joomla security here: http://docs.joomla.org/Security
What Should I Do If My Dedicated Server Has Been Hacked?
Dedicated servers compromised at the root level are very difficult to fix or patch. We highly recommend you perform a backup of all needed files from your server and consider reinstalling the Operating System and Control Panel (if any), then manually restoring the content after verifying that it is not infected.
Always keep your dedicated server software, kernels, and components updated on a regular basis. Our Server Management plans also help you ensure you are better protected against potential security threats.
If you still have questions or concerns, make sure to contact us by opening a support ticket or by using our live chat feature.