My webspace has been hacked. What can I do?
Unauthorized third parties have evidently succeeded in placing malicious code, such as computer viruses or other malware, in your webspace. In most cases this malicious code enables the attacker to send out spam emails or to impair the functionality of other computer systems with a so-called Denial-of-Service (DoS) attack, which constitutes abusive use of your webspace. In this case we are both legally obliged and, under §7.3 of our general terms and conditions, entitled to take the necessary measures to prevent the abusive use.
How could that happen?
In most cases the malicious code was introduced by exploiting well-known security vulnerabilities in content management systems (CMS) such as WordPress, Joomla or Drupal, which clients run within their webspace.
In many cases clients used an insecure password for the FTP login or for the administrator access of the CMS in use, which the attacker was able to guess and then misuse.
Why has my website been attacked?
In the vast majority of cases the affected websites were selected at random. Attackers use software tools that automatically check entire networks to find out which websites are susceptible to certain known security vulnerabilities, and then exploit these fully automatically to insert malicious code. Only rarely are websites chosen specifically for an attack (e.g. by competitors).
What can I do to clear my webspace?
First of all, you should back up the contents of the affected directory in your webspace and all databases that belong to your webspace. This preserves evidence that an insurance company or an investigating authority could request, and it may also help to identify the cause.
Next, we recommend deleting the entire content of the directory in your webspace and restoring it from a backup. If the malware was planted some time ago but was not detected immediately, even the backup may contain the malicious code. If so, you should try to remove the malicious code manually, if in doubt by deleting the files identified by us. There is a risk that the malicious code cannot be removed completely, which could affect the functionality of your website.
Finally, you should definitely install all security updates that are available for your software and change the passwords for the corresponding administrator and FTP accesses for your webspace.
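As an added example (not part of the original FAQ and not the provider's own tooling): once the evidence copy and an older backup have both been downloaded to your own computer, a script like the following lists which files were added, changed or removed since the backup was taken. The directory names and sample files in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(evidence_dir, backup_dir):
    """Classify files in the evidence copy relative to the older backup."""
    evidence, backup = manifest(evidence_dir), manifest(backup_dir)
    common = set(evidence) & set(backup)
    return {
        "added": sorted(set(evidence) - set(backup)),
        "modified": sorted(p for p in common if evidence[p] != backup[p]),
        "missing": sorted(set(backup) - set(evidence)),
    }


def write_tree(root, files):
    """Create a constructed sample tree from {relative path: text content}."""
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo():
    """Run the comparison on two small constructed trees (not real site data)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, evidence = Path(tmp) / "backup", Path(tmp) / "evidence"
        write_tree(backup, {"index.php": "<?php echo 'home';\n",
                            "css/site.css": "body{}\n",
                            "contact.php": "<?php echo 'contact';\n"})
        write_tree(evidence, {"index.php": "<?php echo 'home';\n// changed after backup\n",
                              "css/site.css": "body{}\n",
                              "uploads/cache.php": "<?php // not in backup\n"})
        return compare(evidence, backup)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A file that is identical in both copies is not proven clean, because the backup itself may already contain the malicious code.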
How can I avoid such problems in the future?
Unfortunately, security gaps can never be ruled out completely, but the following measures, among others, can help to avoid such incidents in the future:
- At least once a week you should check whether new security updates are available for your software and install them immediately (especially for WordPress, Joomla or Drupal and related modules and themes).
- If possible, please activate the automatic installation (automatic background updates) of security updates.
- Your passwords should be at least 8 characters long and contain upper- and lower-case characters, numbers and at least one special character.
- You should avoid common usernames like "admin" or "administrator".
- You should create regular backups of all your webspace content and your databases.
- If you don't have the corresponding expertise, you should ask a professional service provider for further preventive measures.