My web site was hacked - Now what do I do?

My web site was hacked - Now what do I do?

Below are my recommendations regarding reports of your web site being hacked. Please pass this along to everyone who has been involved in uploading content to your web site.


1.
Change all FTP passwords, email passwords and passwords for any administrative portion of your web site.
It is possible your password has been comprised or stolen from your computer. After changing your FTP password it is important that you do not save your password within your FTP , web design software, or in email. In other words, write down your password on paper and do not save in your software (at least for the next couple of months).

Important:
- You must use SFTP (FTP over SSH) or FTPS from now on.
- You must set up SSL for any administrative pages on y our web site.

A great percentage of hacked web sites are compromised due to clients not using encryption. It is possible your computer may have a virus which monitors keystrokes or sniffs passwords as they passes through your network or computer. Using SFTP or FTPS will help prevent easy access to your passwords. Learn more here:
http://help.tvcnet.net/helpdesk/kb/article/000073


2.
Run a full antivirus scan on all computers which may have either stored your FTP username/password, or are used to publish your web site files. I recommend installing these:
http://www.malwarebytes.org/
http://tinyurl.com/5q36co

3.
Ask your web site designer to review web pages on server and compare them to what your web designer has on his/her computer.
Doing so may help to quickly identify whether additional HTML or code may have been added to your pages.
Re-upload your web site from your local copy if possible. Your web host's backup will likely include hacked files as well.

4.
Apply the latest patches to your web browser or any Adobe software installed on your computer(s).

5.
Do not use your main account password for FTP.
If your account includes a control panel which allows you to set up additional FTP accounts, set up an alternate FTP account for public_html (your web site's home directory), and use that instead.

6.
It is also common for hackers to overwrite files or directories saved with 666 or 777 (world writeable) permissions. Make sure all your permissions are set at 644 for files and 755 for folders (unless 777 is absolutely required).

7.
Review these web sites for tips and information:
http://unmaskparasites.com
http://tinyurl.com/64gswn
http://tinyurl.com/pc26gr
http://tinyurl.com/oofzz9

8.
If you have a Google Webmaster account, see:
http://tinyurl.com/5d6q5y
Then log in and click the "Request a review" link within Google Webmaster Tools.

More details may be found here:
http://tinyurl.com/qoxr69

The result of any review can be seen on the diagnostics page of the site:*
http://tinyurl.com/b3l34q
*When the page loads, replace "google.com" with your domain.



What can we do to help you resolve any hacked web site issues?

1.
By your request we will do a quick review of your web site to help you identify any obviously hacked web pages and give recommendations.

2.
We can try reverting your web site to an older backup. Though we need to first identify the pages on your web site which have been modified with malicious code before doing so.

3.
If you do not have a web professional who is willing to review and remove the hacked code from your web site we can provide this service if required. More details may be found at http://hackrepair.com