My website has been hacked - what to do?
If it is proven that a hosting package contains malicious code or executes processes that may compromise performance or security (also for other clients), we will suspend the affected hosting package.
Reasons for suspension may include:
- CPU-intensive processes or scripts (e.g., Crypto Miner or faulty scripts)
- Generating constant high loads by faulty MySQL queries
- Phishing pages installed by hackers
- Services causing network traffic disruption (e.g., outgoing denial of service attacks or, for virtual servers, incoming denial of service)
- Mass email sending or proven SPAM sending
In case of compromise, it is advisable to first restore an uncompromised copy of the website. For this purpose, you can use one of the backups we have created or a personal backup.
But make sure in any case that the backup used does not already contain malicious code. Ordinary desktop antivirus scanners are not suitable for this type of check, as this type of malicious code is often not detected by them. If you have no experience with compromised websites and/or are unsure about removing malicious code, we strongly recommend hiring a professional to check and clean the website data for you.
Once the web space has been cleaned by you, please contact hosting.fr support at support@hosting.fr. We will then restore access to the web space.
After a successful cleaning of the web space or after restoring an uncompromised backup, an immediate update of your CMS to the latest version is absolutely necessary. Similarly, all used plugins and themes must be checked for possible vulnerabilities and updated, otherwise, in almost all cases, the web space will be immediately re-infected.
According to experience, for smooth and safe operation of a CMS, the quick application of patches has become indispensable, especially if it is an open-source CMS like Joomla or Wordpress. Once new security vulnerabilities are discovered, they are often exploited within the first 24 hours for attacks.
Many users believe they are safe because their site is small and unknown. However, most of these hacking attacks are entirely automated and simply scan widely for “open doors,” which is an illusion. Any website with vulnerabilities can potentially be the next affected.
Therefore, it is imperative to regularly apply security updates and patches for your CMS and for the used plugins and themes, to protect your visitors and yourself from damage. It is also recommended to regularly uninstall unnecessary plugins and software, to minimize the attack surface for hackers as much as possible and thus increase security.