Submit a Ticket
Support Center » Knowledgebase » Web Server (Apache + IIS) » Website Infections

Website Infections

There are few frequently possible website infections. In the most of the cases the main site page is replaced (compromised) with another one, uploaded by a hacker. There are also specialized hackers who upload whole programs to the website, in order to take the website’s domain and look for big security holes.

This is most likely a result of a compromised and not fully updated application, site, exploitable php scripts, etc, which can be used by the attacker (most of the time an automated spider).  You can check the following tool to see if your website is being currently reported by 3rd parties as phishing or containing malware: 
https://sitecheck.sucuri.net/


Important note: all websites are prone to attacks.

Most of our clients are using more than one application and/or 3rd party's software. In these cases knowledge is required about how to avoid attacker attempts.

Here are some useful tips! 

* Regular update of each application
* Regular changing of passwords /control panel, ftp, email /
* Regular reviewing and investigating for malicious content. /highly recommended/

If you are currently using WordPress platform, please review the following article as well: 

We highly recommend that you review the following WordPress security tools!

1) WordFence - available through: https://www.wordfence.com/ (Offering Free + Premium version)


The update of your applications is a process, which can be handled by yourself. This can be done automatically or manually.

 Please note: if the application was manually installed, it should be manually updated as well.

An automatic update can be done trough the application's web administration /recommended/ or cPanel's Softaculous interface. 

Here are some related pages with information, describing this process for two of the most common platforms - WordPress & Joomla


http://codex.wordpress.org/Hardening_WordPress
http://codex.wordpress.org/FAQ_Installation
http://codex.wordpress.org/Updating_WordPress
http://wordpress.org/news/2009/09/keep-wordpress-secure/
http://codex.wordpress.org/Hacking_WordPress

http://docs.joomla.org/Upgrade
http://docs.joomla.org/Security_and_Performance_FAQs
http://docs.joomla.org/Security

You can use Feedburner by Google in order to subscribe for newsletters reporting all new security updates.
The link below is for WordPress update reminder subscription.


http://feedburner.google.com/fb/a/mailverify?uri=wordpress-releases&loc=en_US

If your website is already infected you can use c
ommercial assistance from companies such as Sucuri, for more info, please check https://sucuri.net/website-security/sc-clean-hacked-website (Please, note that we are NOT affiliated with this company). You may find other similar solutions such as SiteLock.

 This answer was helpful  This answer was not helpful
 Back