To move files between your computer and your website, you use File Transfer Protocol (FTP). Like most things computers do, there's a password associated with it — this makes sure that only those you've given the password can access your files.
However, simple passwords are easy for attackers to guess, granting them access to your website's files. From there they can insert malicious code on your Website, which can harm your visitors' computers — redirecting them to other Websites or installing malicious software.
If your account has been compromised via FTP, we'll identify some of the red flags that should let you know, as well as steps that you can take to clean the infected files and prevent further damage.
There are a few signs that your Website's been hacked, including (but certainly not limited to):
However, there are many types of compromises, each of which has its own calling cards.
After compromising your password, attackers can place code on your Website that can contain malware or phishing content. Typically, when viewing the website's code, you will see these injections at the top or bottom of the files. Additionally, the injected code will often repeat in in each of the affected files. This means that you might be able to search for this code and find it quickly when reviewing the content. Here's an example:
<iframename=Twitter scrolling=auto frameborder=no align=center height=5 width=1 ·src=hxxp://badsite.tld/badfile.php?id=someid</iframe>
Phishing schemes attempt to steal sensitive personal information such as passwords, credit card numbers, and social security numbers. Typically, the attacker will send spam email to people with links to a phishing Website that poses as a legitimate website — that's where they've set their traps. For more information, see What is Phishing?
There are a few things you can do if you think your Website's been the victim of an attacker.
The first thing you need to do if you think your Website is compromised is change your password. For those instructions, check out Reset your FTP username and password.
If you have a website that uses a database, like WordPress® for example, you should also change your database password. You can find that info in Reset your MySQL database password.
After resetting your password, you should review all of your hosting content and remove any malicious content from it. You can do that using your control panel's file manager (more info) or an FTP client (more info).
If that sounds like something you're not comfortable accomplishing (or you simply don't have the time), we offer a security product called WebsiteLock that will remove most malicious content for you. You can get more details about it on our website here.
For most customers, we recommend the Professional WebsiteLock plan. This includes access to WebsiteLock's 360-degree scanning along with automatic malware removal.