Below are my recommendations regarding reports of your web site being hacked. Please pass this along to everyone who has been involved in uploading content to your web site.
1.Change all FTP passwords, email passwords and passwords for any administrative portion of your web site.
It is possible your password has been comprised or stolen from your computer. After changing your FTP password it is important that you do not save your password within your FTP software, web design software, or in email. In other words, write down your password on paper and do not save in your software (at least for the next couple of months).
Important:
- If possible use FTPS from now on.
- Set up SSL for any administrative pages on your web site.
A great percentage of hacked web sites are compromised due to clients not using encryption. And it is also possible your computer may have a virus which monitors keystrokes typed directly into your computer or sniffs passwords as they pass through your network or computer. Network sniffing can be avoided by using FTPS and will help prevent easy access to your passwords. Learn more here:
http://help.tvcnet.net/helpdesk/kb/article/000073
2.
Run a full antivirus scan on all computers which may have either stored your FTP username/password, or are used to publish your web site files. I recommend installing these:
http://www.malwarebytes.org/
Excellent malware scanning software.
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
Provided by Microsoft, Microsoft Defender actively monitors your computer for spyware.
http://www.safer-networking.org/en/download/
My personal favorite, Spybot-S&D does a great job in monitoring and stopping spybot installations.
3.
Ask your web site designer to review all web pages on server and compare them to what your web designer has on his/her computer.
Re-upload your web site from your local copy if possible. Your web host's backup will likely include hacked files as well.
4.
Apply the latest patches to your web browser or any Adobe software installed on your computer(s).
5.
Do not use your main account password for FTP.
If your account includes a control panel which allows you to set up additional FTP accounts, set up an alternate FTP account for public_html (your web site's home directory), and use that instead.
6.
It is also common for hackers to overwrite files or directories saved with 666 or 777 (world writeable) permissions. Make sure all your permissions are set at 644 for files and 755 for folders (unless 777 is absolutely required).
7.
Review these web sites for tips and information:
First review http://unmaskparasites.com
Then review http://sites.google.com/site/webmasterhelpforum/en/faq-malware-and-hacked-sites
8.
See why Google is blocking your web site here:
http://www.google.com/safebrowsing/diagnostic?site=http://google.com
*When the page loads, replace "google.com" with your domain.
9.
Then, after you've cleared out the hacked code, log into your Google Webmaster account:
https://www.google.com/webmasters/tools/home?hl=en
Click the “Request a review” link within Google Webmaster Tools.
For Bing and Yahoo, go to https://support.discoverbing.com/eform.aspx?productKey=bingcontentremoval&ct=eformts
Then, look for these specific options, "What type of problem do you have?" -> "My site has a malware warning -> "The malware has been removed" -> and fill out the remaining information / boxes as best you can.
then click the "Continue" link at bottom.
What can we do to help you resolve any hacked web site issues?
1.
By your request, we will do a quick review of your web site to help you identify any obviously hacked web pages and give recommendations.
2.
We can try reverting your web site to an older backup. Though we need to first identify the pages on your web site which have been modified with malicious code before doing so.
3.
If you do not have a web professional who is willing to review and remove the hacked code from your web site we can provide this service if required. More details may be found at http://hackrepair.com
