I think my website has been hacked

If you think your website has been hacked, it’s good to determine the nature of the hack as soon as possible. There’s many different types of hacks and some hacks can be malicious. Other hacks are just defacements to your actual webpages. We recommend that you regularly back up your website and store them on your local computer. If you ever have to restore your website, maintaining backups to do so can be invaluable.

**Note: If you already know you have been hacked, please see our article on recovering from a hack

How can I tell if my website has been hacked?

Some hacks are quite apparent since they deface your page, while others are more subtle. Here are some common signs that your website has been compromised:

• Your home page has changed. If you visit your website, and instead of seeing the page you have created you see something entirely different it’s likely that your page has been “defaced.” Normally, these types of hackers will have a “hacked by…” message displaying to take credit for the hack.
• Your access to admin pages no longer exists. If you cannot access your admin section of your website, it’s possible the hacker has gained access to the adminsitrator account or cpanel and altered the passwords.
• You get a Google Warning page. This is an indication that google has scanned your website, and one of the Google bots has found some code that is known to be malicious. If this is the case, Google will display a red warning page.
• Your computer’s anti-virus software warns you when you visit your website. This is a typical situation where your website is trying to install a trojan or another type of virus on your local computer.
• A page will not load but it used to. If you haven’t changed anything on your website and it is now not loading this could be a sign of a hack. This is not a typical hack but usually inidcates that the hacker has modified a database so it no longer functions as it should.

How was my website hacked?

The most common methods of hacking a website are:

• Compromised cPanel or FTP account password
• Code Injection
• Remote File Inclusion

If you password has been hacked or compromised, this will typically be a defacement type of hack. If you use a content management system, the hack was usually done be exploiting the software. It is important when you use CMS software such as Joomla, WordPress, and OSCommerce to keep the software up to date.

How can I fix my hacked website?

Each hack is different so it is extremely difficult to suggest an exact method to resolve a hacked site. Here are some general methods to fixing a hacked website:

• Change your passwords to your account. This is the best practice for any hack. This is the quickest way to limit the access to the website. By doing this, you can limit the access to your account. You should change your WordPress, FTP, and cPanel passwords.
• Update all programs used on your hosting account. If you use a third party shopping cart or CMS it’s important to keep that software up to date. This is because most updates are used to secure the actual software. As vulnerabilites are found the patches are released.
• Update software on your local computer. Some programs such as Flash, have vulnerabilites that allow hacked to access data on your computer. We’ve seen some hacks even designed to search around for saved FTP credentials.
• Run a malware or virus scan on your local machine. It is possible that you have picked up a piece of malware or virus that is copying your passwords.

For more information on fixing a hack, please see our article on recovering from a hack.