My sites got hacked what to do

Depends on which window you left open

If you tell me the site and the nature of the attack I can throw some suggestions your way.

I suspect script vulnerability would be the most likely cause. Then followed by weak passwords.

These are easy to fix.

Roll back.

Identify the attack and patch it.

First - does your host do regular backups? If so, ask them to restore the sites.

Second. It's usually the index.html or index.php files(s) that are overwritten. If you are use straight html sites, just re-upload them.

If you are using Wordpress, this is what I do as there are several index.php files.

Do a clean install of wordpress on a sub-domain.

One at a time, ftp the index.php files onto your computer and from there to your damaged site(s). Each one is different, so make sure you put the right one in the right place.

Again, if it's Wordpress, are you able to log in to your dashboard? There are virus scanning plug-ins you can use to find and remove malware.

Edit: Just looked at your site in your sig. Looks like an index.php hack to me.

When you've cleaned the sites, add the Bad Behaviour plug-in.

PM me if you need any more help

I hope you have a backup of your store files It's also important to see when the backup was made and when you think your website got hacked. You can restore the backup and end up including the virus again if the website was hacked.

Was it a wordpress site? If yes, did you have any of the security plugins and .htaccess modifications to protect your sites from being hacked? My wordpress sites used to get hacked all the time but after a few plugins, it stopped.

Most times the hackers will put the code in multiple files on your website and it can be hard to track it all down

With respect to the rollback and restore suggestions. This generally will not assist for the following reasons:

1. Unless you manage your own backups you are subject to the whims of your provider. This could be daily, weekly or never
2. Many if not most sites are database driven. This means they are "LIVE" you will lose all the data between now and the last backup if that backup exists
3. You do not "Roll Back" servers. You restore, recover. But these are extreme measures

The best thing to do is keep your websites live and plug the problem. This could be shutting down mail outs. Looking through server logs. A temp turning off of the site. Do a complete search of your server for naughty scripts.

It is a pain but with good technical expertise you can get on top of it quickly.

Make sure you update to the latest Wordpress version. Have an automatic backup system in place to make it easier in the future. Contact your hosting providers to fix it, they should be able to help you out.

Check your .htaccess files as well..
if your sites are redirecting or loading other pages (from a different url) while your sites load it could be using your .htaccess file to redirect.
Especially if it's all of your sites and you have a .htaccess file in your root folder. (if this is the case, one thing you can do is first remove the malicious code they inserted into your .htaccess file, and then make the file read only.)

Your hosting provider should be able to restore from backups.

This happened to me a couple of weeks ago: 3 sites on the same server all hacked by hackers from eastern Europe. All the sites were Wordpress, so this is what I did to remedy the situation - and if you're running WordPress this is what I recommend you do, too :

1) Delete the entire site from the server – php scripts, MySQL databases, the works – and restore from backup. If you haven't been performing regular backups yourself, get on to your hosting company, as they almost certainly have. Tell them what's happened (the hackers may have got in through another site on the same server, so they need to know anyway) and ask them to restore your site. They may charge you for this, but it's money well spent.


1a) If you've asked your host to restore your site, download a “safety back-up” to your computer.


2) Install this plugin : WordPress › All In One WP Security & Firewall « WordPress Plugins (not an affiliate link). It's free, and does a lot of the things that others on this thread have suggested, but does them automatically. It does a whole lot more, too. Unless you're running a membership or shopping cart site, be sure to set up “brute force” login protection and change the MySQL database prefix.


3) Backup everything and download it to your computer.


The hackers have been back, but have so far been unable to get in again.

Just hand it over to your hosting account, they will have a security team that will scan all your directories including all your sites etc within the hosting account.

They will look for any malware or suspicious bits of code and clean them out while restoring it from a backup - which hopefully your provider does.

In future, you can either make backups yourself downloading it to your computer, a different hosting account or via a paid service online that will backup your hosting account regularly.

It dose happen to a lot of us on here. Your hosting account should be able to have you up and running in no time.

James

A lot of good advice has been given already so I won't add much. One suggestion I always like to make is to have a strong unique random password for all your sites. This can be easily accomplished with a password manager such as LastPass. This is a great tool that is free to use and will allow you to maintain a separate password for all sites that is strong and random. You can set it to launch your site and login automatically as well which is a real timesaver. With this tool you just need to remember a strong password to access it and then you're good to launch whatever site you want to login to.

There are also other password managers out there which work great too however this is the one I am most familiar with and use everyday. Just Google LastPass and you should see the link to go get it.

Jon.