How to react in case of account hacking
While every case is different, there are many different reasons why someone would want to hack your web site:
- To install viruses or malware so that they may spread quickly to other users,
- To send spam,
- To collect sensitive information from unsuspecting users (often referred to as phishing),
- Because they can, or to prove they are competent hackers,
- To purposely disrupt your specific business or organization, although this is the rarest of cases.
It may be useful to note that in most cases, web sites are hacked or exploited by automated scripts running on other compromised servers on the Internet.
How did my account get hacked?
There are generally two ways this may have happened:
- Your password was compromised. It may have been guessed (a password that was too easy), used by someone you trust, or stolen from your computer (often by an automated virus or through an unencrypted network connection). This could be your cPanel password, your Client Area password, your FTP password, or your custom software's Admin password.
- Your web site contained scripts or web applications that had security vulnerabilities which were exploited, allowing the hacker to gain control of your account. This is particularly common with Joomla, WordPress, and phpBB applications when they are not up-to-date.
How do I know if my account has been hacked?
Sometimes a hacker will boldly display the fact that your site was hacked on your main web site. Other times, however, it can be much harder to detect that your site has been hacked. Hacked web sites may:
- Inject code into your web pages' HTML that installs drive-by viruses or malware that infect your web site's visitors. Infected sites will generally be blocked by certain web browsers and search engines in order to limit the spread of the virus. This will cause a substantial loss of traffic to your web site.
- Contain visibly pirated web pages (with links and images that are not yours).
- Contain an exact replica of some other site (called "phishing").
- Send spam emails from your account.
- Install scripts that may remotely attack other web sites or attempt to damage and further compromise the server.
Our servers are regularly scanned and monitored for suspicious activity, and we may alert you by email if we believe your account has been compromised. In some extreme cases, we may suspend your account immediately to prevent serious problems on the server.
Other ways of detecting possible issues with your web site are:
- Check your site for Malware using the free Sucuri SiteCheck tool
- Inspect the files and folders in your web site with the tool of your choice (FTP, File Manager, etc.), and pay particular attention to files you don't recognize.
- If you are using software such as WordPress, Joomla or another CMS, ensure there aren't unauthorized administrators on your account.
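One way to make "files you don't recognize" concrete is to compare the live site against a copy you know is clean. The script below is an added example, not a tool provided by the host; it assumes you have downloaded both the live site and a known-clean backup to local folders, and the folder and file names in `demo()` are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink():  # skip symlinks
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(clean_root, live_root):
    """Return (added, modified, removed) for live_root against clean_root."""
    clean, live = manifest(clean_root), manifest(live_root)
    added = sorted(set(live) - set(clean))
    removed = sorted(set(clean) - set(live))
    modified = sorted(p for p in set(clean) & set(live) if clean[p] != live[p])
    return added, modified, removed


def _write(root, rel, data):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)


def demo():
    """Compare two small constructed trees (sample data, not a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp) / "backup", Path(tmp) / "public_html"
        for root in (clean, live):
            _write(root, "index.php", b"<?php echo 'home';")
            _write(root, "css/site.css", b"body{}")
        _write(live, "index.php", b"<?php echo 'home'; // edited after backup")
        _write(live, "uploads/x.php", b"<?php // file absent from the backup")
        return compare(clean, live)


if __name__ == "__main__":
    for label, paths in zip(("added", "modified", "removed"), demo()):
        print(f"{label}: {paths}")
```

Files you changed yourself since the backup (uploads, caches, edited pages) will also be listed, so review each reported path rather than treating every difference as malicious.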
What Should I Do If My Web Hosting Account Has Been Hacked?
Once an account is confirmed to be hacked, several important steps need to be taken:
- Stay calm, but act quickly! Waiting more than 24 hours following a hacking incident may seriously hamper your ability to recover your website.
- If you are not the person who manages your web site, immediately contact the person in charge of your web site and inform them of the problem.
- Run a complete anti-virus scan of your computer and any other computers having had access to your web hosting account in the past, with an up-to-date antivirus.
- Use one of our previous backups to restore a clean version of your website.
- By now your site is hopefully restored to a functional state and you are ready to address the security issues that allowed the incident to occur in the first place. It is generally best to assume that any sensitive contents on your hosting account (including emails and database passwords) have already been compromised, so you may wish to react accordingly. Start by changing all your passwords.
- Update any software you have installed on the server, including their core, plugins, themes and extensions. This should be done with the person or people that have built your web site in order to ensure nothing breaks.
- Delete any old installations you may have installed and forgotten about, as they pose potential security threats.