Response to a Hacked Site

Discussion in 'Suggestions' started by Bill Thorne, Sep 14, 2015.

  1. If my site is hacked, I would prefer a warning rather than having my site shut down.

    This morning, while away from my office I got a notice from my website monitor that my site was down.

    It was. I went on the support system and found an alert that malicious files had been found with a few examples in the root folder--I had limited time but did delete all the crap PHP files that I found. Note that these were not new files and had been there a while.

    I then subscribed to SiteLock, while support was offering to remove files for an hourly rate. Since I subscribed to Enterprise SiteLock I preferred to clean-up files myself.

    I did get a response that while I had cleaned up the root, there were others sprinkled throughout a WordPress folder, so my site was still down. The offer to cleanup at an hourly rate was repeated.

    I submitted a ticket response that I had subscribed to SiteLock and couldn't I remove the files myself? I got no answer. Later today once I was able to work on the problem, I tried to configure SiteLock, but the configuration requires the ability to read from my site with HTTP in order to confirm an uploaded file that is part of the configuration.
     
    Last edited: Sep 14, 2015
  2. Hi Bill, sorry about that. The problem with leaving an exploited site up is the possibility of a server exploit being part of the site exploit. For obvious reasons that's not something we can risk.

    Support should be able to activate the site for you while you are actively cleaning it though. They will work with you.

    The reason we offer the paid site cleaning service is because not everyone has the ability or the inclination to do their own site cleaning/security, so that service grew out of that demand. Before we offered that anyone with a compromised site was basically on their own to fix it, and that's not something that everyone can do.
     

Share This Page