Web Site Security Breaches
Posted by Flora Lui, Last modified by Flora Lui on 26 July 2017 05:44 AM
Having your web site's security breached is never a fun thing to wake up and find in the morning. It can be a pain to deal with, so with that in mind, here are some helpful tips and suggestions on the steps you should take to get your web site back to normal. If you can provide a URL that is hacked or a snippet of the hacker code, we can do a scan for you to get a list of files that are hacked. This may help if you choose to manually edit the hacked files to remove the code or want to know how invasive it is.
Update Your Passwords
The first thing you should do is update your hosting account password. When doing so, please make sure you are doing it from a known good machine (one that could not have been infected). Otherwise, if you had a keylogger (for example) on your computer, it could grab the new password too. This can be done via the Client Portal at:
You might also want to update your password for other PacificHost services you are signed up for, such as the Client Portal and Help Desk logins. Do you have any scripts (like forums, blogs, galleries) that use a user name and password to log in to the administrator section? If so, you should update the password on any of them you have installed on your hosting account.
Scan Your Computer for Viruses, Keyloggers, Malware and More
There are many bad things that you may download on purpose or by accident on the Web that could
There are many different ones to choose
Note that while windows
Clean Up Your Web Site Files
Another important step when dealing with web site security breaches is to remove every last bit of the exploit to keep it from coming back. Attackers usually plant a back door. You want to review your web site files and look for anything that does not belong, or you cannot identify as being
Here's the basic list of files/folders on new Linux-based accounts:
You may also see the following, depending on your account activity:
Look at your web stats for unusual activity. Download the web and FTP access logs to look for suspicious activity and ban suspicious IPs in your control panel or via .htaccess. Be careful not to ban your own IP. If you are using cPanel, please also enable archiving in Raw Log Manager to keep the logs longer in case they hit again.
Check all files on the account for any you did not create or upload. Create a backup of the account in your control panel under Backups as it is right now before deleting or altering any files.
Check for extra FTP users in FTP Manager and delete any extra ones you find that you did not create.
Update all scripts and script plugins on the account to the latest versions. Delete any you are not currently using.
Make sure your domains are locked so they cannot be transferred in case the hacker got your password(s). Support can lock them for you if you ask. You can tell if they are locked by checking them in Whois. If the status is “OK”, the domain is not locked.
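One way to carry out the access log review described above, as an added example that is not PacificHost's own tooling. It assumes Apache "combined" format logs, a simple heuristic (repeated POSTs to .php files or repeated 404s from one IP), Apache 2.4 `Require not ip` syntax for .htaccess, and constructed sample data; your own IP is excluded so you do not ban yourself.

```python
import re
from collections import Counter

# Apache "combined" format: IP, identity, user, [time], "METHOD path proto", status, ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Jul/2017:03:10:01 +0000] "POST /images/cache.php HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [25/Jul/2017:03:10:04 +0000] "POST /images/cache.php HTTP/1.1" 200 498 "-" "-"
198.51.100.7 - - [25/Jul/2017:03:10:09 +0000] "POST /images/cache.php HTTP/1.1" 200 530 "-" "-"
203.0.113.44 - - [25/Jul/2017:04:00:00 +0000] "GET /old/backup.zip HTTP/1.1" 404 210 "-" "-"
203.0.113.44 - - [25/Jul/2017:04:00:01 +0000] "GET /admin.php HTTP/1.1" 404 210 "-" "-"
203.0.113.44 - - [25/Jul/2017:04:00:02 +0000] "GET /test.php HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [25/Jul/2017:09:00:00 +0000] "POST /blog/admin.php HTTP/1.1" 200 900 "-" "-"
192.0.2.10 - - [25/Jul/2017:09:01:00 +0000] "POST /blog/admin.php HTTP/1.1" 200 900 "-" "-"
192.0.2.10 - - [25/Jul/2017:09:02:00 +0000] "POST /blog/admin.php HTTP/1.1" 200 900 "-" "-"
192.0.2.55 - - [25/Jul/2017:10:00:00 +0000] "GET / HTTP/1.1" 200 4096 "-" "-"
192.0.2.55 - - [25/Jul/2017:10:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "-"
192.0.2.55 - - [25/Jul/2017:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 2048 "-" "-"
"""

def suspicious_ips(log_text, own_ips, threshold=3):
    """Return IPs with at least `threshold` POSTs to .php files or 404 responses."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if ip in own_ips:
            continue  # never list your own address for banning
        posts_php = method == "POST" and path.split("?")[0].endswith(".php")
        if posts_php or status == "404":
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def htaccess_block(ips):
    """Build an Apache 2.4 .htaccess fragment that denies the given IPs."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    # 192.0.2.10 stands in for your own IP (an assumption for this sample).
    print(htaccess_block(suspicious_ips(SAMPLE_LOG, own_ips={"192.0.2.10"})))
```

Review the flagged addresses by hand before banning them; the threshold is only a starting point and legitimate visitors can trip it.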
Contact PacificHost Support
Submit a support ticket in about the issue (if you have not done so yet). If you have a backup of your files, you may upload it to the server and support can help to restore it at no charge. If you do not have a backup, time is of the essence as our tapes recycle about every 3 days (that would be 3 days from the time the files were changed, not the time you noticed).