My web site was hacked – Now what do I do?

Infected website? Please pass this along to anyone you know who has been hacked recently.

I provide free phone support as well, so if you find any of this confusing just call me, (619) 479-6637

 

“My website has been hacked. How do I fix my website or repair my WordPress blog?”

 

1. To start, change all FTP passwords, email passwords and passwords for any administrative portion of your web site.

It is possible your password has been comprised or stolen from your computer. After changing your FTP password it is important that you do not save your password within your FTP software, web design software, or in email. In other words, write down your password on paper and do not save in your software (at least for the next couple of months).

Hack me at the Coffee shop. I dare you!A great percentage of hacked web sites are compromised due to clients not using encryption. And it is also possible your computer may have a virus which monitors keystrokes typed directly into your computer or sniffs passwords as they pass through your network or computer. Network sniffing can be avoided by using FTPS and will help prevent easy access to your passwords.

Important:
– If possible use FTPS from now on (if possible).
– Set up an SSL certificate at your domain name, then connect using SSL (https://) when possible. If your site is running WordPress, check out the WordPress HTTPS plugin.

 

2. Run a full antivirus scan on all computers which may have either stored your FTP username/password, or are used to publish your web site files. I recommend installing these:

http://www.malwarebytes.org/
Excellent malware scanning software, with a free download option.

http://www.microsoft.com/security/default.aspx
Start with Microsoft’s website for free or low cost security options.

http://download.cnet.com/windows/internet-security-software-suites/
CNET writes fairly current reviews on the latest antivirus apps. I would start here.

 

3. Ask your web site designer to review all web pages on server and compare them to what your web designer has on his/her computer.

Re-upload your web site from your local copy if possible (since your web host’s backup may include hacked files as well).

If you are running a WordPress website, need someone to help manage the security of your blog, and can afford 30 cents a day, then see HackGuard.com.com for more details.

 

My website was hacked
4. Apply the latest patches to your content management system.

A content management system, like WordPress or Joomla, may have plugins or components which require periodic updates. Make sure to check and maintain the latest versions of plugins and components on “a monthly” basis.

For WordPress, see Dashboard -> Updates. The “Re-install Now” option may help to clear some hacker files as well.

 

5. Do not use your main account password for FTP.

If your account includes a control panel which allows you to set up additional FTP accounts, set up an alternate FTP account for public_html (your web site’s home directory), and use that instead.

 

6. Review these web sites for tips and information:

 

7. Is Google blocking your web site?

http://www.google.com/safebrowsing/diagnostic?site=http://google.com
*When the page loads, replace “google.com” with your domain.

 

8. If your site was marked as harboring malware, and you’ve since cleared out the hacked code, log into your Google Webmaster account:

https://www.google.com/webmasters/tools/home?hl=en

Click the “Request a review” link within Google Webmaster Tools.

 

 

9. Other Services:

For Bing and Yahoo, see: http://www.bing.com/toolbox/webmaster/
Bing Webmaster Tools, Malware Review Request Form
Below was the old Bing and Yahoo review request form. May still be active and usable.
https://support.discoverbing.com/eform.aspx?productKey=bingcontentremoval&ct=eformts

Then, look for these specific options, “What type of problem do you have?” -> “My site has a malware warning -> “The malware has been removed” -> and fill out the remaining information boxes as best you can. Then click the “Continue” link at bottom.

Trend Micro Internet Security has blocked my website?
If Trend Micro Internet Security lists your website as dangerous, and you know this is not the case, see http://global.sitesafety.trendmicro.com/

Norton Antivirus has blocked my website?
How to request Norton Antivirus unblock your website involves going to Norton Safe Web and submitting your site for rating or re-evaluation. See http://safeweb.norton.com/help/site_owners

AVG Antivirus has blocked my website?
How can I check whether AVG Antivirus is blocking my website? See http://www.avg.com.au/resources/web-page-scanner/

 

 

 

 Website Warnings Wall of Shame

 

Chrome: Danger: Malware Ahead!

Chrome: Danger: Malware Ahead!Danger: Malware Ahead!

Safari | Warning: Visting this site may harm your computer

Safari | Warning: Visting this site may harm your computer

Chrome: The Website Ahead Contains Malware!

Chrome: The Website Ahead Contains Malware!

Google | Warning - visiting this web site may harm your computer!

Google | Warning – visiting this web site may harm your computer!

 

Summary
Article Name
My website was hacked - Now what do I do?
Author
Description
My website was hacked - Now what do I do? Internet and website security expert Jim Walker shares his advice for repairing your hacked or infected website. Solid tips to get you back on track and information on preventing hacks or malware infection in the future.
The following two tabs change content below.
Jim Walker has been a website security expert and website hosting services provider for over 16 years. Living in San Diego, California, his current passion is everything WordPress. He manages HackRepair.com, a malware cleanup and website security services company, and HackGuard.com, a WordPress security and WordPress management service.

Latest posts by Jim Walker (see all)

Your Comments or Questions for The Hack Repair Guy?

Loading Facebook Comments ...
Loading Disqus Comments ...

Comments

Leave a Reply

You must fill in your Livefyre SiteID in the Comments Evolved plugin options.