As a website owner, very little can leave you feeling shocked and vulnerable more than when your website it hacked – and rightly so. The hack could be as simple as having some unwanted verbiage on your website or temporarily losing control over your site. But given the right circumstances, the hack could be much more severe. If your business depends on the leads and sales you receive from your site, you could potentially be looking at lost revenues or customers because of the hack. And one thing is certain no matter what the hack is. If you don’t act quickly, it will leave more permanent scars on your site by damaging your SEO, your online reputation, or worse. When you think you’re site has been hacked:

1. Do NOT panic! Panicking will not help you fix the problem.
2. DO act quickly. Waiting will only allow the damage to set in.
3. Do NOT waste time looking for people to blame. Many times you won’t find anyone to blame but yourself. It’s better to just deal with the problem and move on.
4. Do NOT expect a site restore from a backup or automatic cleaning to make the problem go away. Those tools are helpful parts of the process, but without addressing the root problem behind the hack, you’ll just get hacked again and likely worse than you were hacked the first time.
5. Do start gathering up as much information as you can about what happened, when it happened, and what your server login information is. That will all be necessary information as part of the process of repairing the hack.

Get started with your hack repair now!

In most cases, it looks like your site is either broken or has clearly been hijacked by someone else.  In many cases, it will also be advertising or doing something you didn’t ask it to like advertising offshore pharmaceuticals, sending spam, or downloading viruses onto visitors’ computers.

The biggest sign of a hack is when you either receive a warning about it or notice something obviously wrong with your site like spam ads on your site or search results or noticeable defacement to the site. Another red flag is when your website tries to download something onto visitors’ computers when it’s not supposed to. The most common warnings about suspected hacked sites are:

• Google: “This site may harm your computer”
• Google: “This site may be compromised”
• Google: “This site may harm your device”
• Google: “This site may be hacked”
• Chrome: “Warning: Something’s Not Right Here”
• Chrome: “Danger: Malware Ahead”
• Firefox: “Reported Attack Site”
• Internet Explorer: “This website has been reported as unsafe”
• Safari: “Warning: Visiting this site may harm your computer”

There are several kinds of hack including (but not limited to):

• SQL injection – Where a hacker either inserts bogus content or user accounts into your site or pulls data they should not have out of the site (e.g. user accounts)
• Spam hacks – Spam hacks involve using your site as a marketing tool for something else like pharmaceuticals (called the “pharma hack” or “pharma injection”), watches, or services in other languages. Sometimes this comes in the form of spam comments. Other times it’s in the form of content on your site (pages, parts of pages, etc).
• SEO or Google hacks – SEO hacks are when the hackers only display their hack to Google so they can improve their own SEO rankings or site traffic. Typically the first sign that you’ve been hit with this hack is a warning like “This site may be compromised” or “This site may harm your computer” next to your website links in Google.
• Iframe or JavaScript hacks – Iframe hacks also called “iframe injection” is when a hacker hides an iframe in the code of your site to redirect you to another website or download software (like a virus) onto the computer of your visitors. In some cases, this is done in JavaScript using a technique called JavaScript obfuscation. In other cases, it’s done directly in the HTML of your website.
• Base64 hacks – This hack allows a hacker to run whatever code they want to run on your website in a well-hidden way because they are “obfuscating” their code so it’s not easily readable. Usually between hiding the code and clever naming of the files that they infect, they are able to hide what they are doing making it easy to notice that you have been hacked, but hard for most webmasters to find the hacks. These base64 hacks using base64_encode or base64_decode functions from PHP are some of the more common hacks and span the realm of hack types from spam hacks, redirection, unauthorized downloads, back doors, botnet server control, mass emails and more.
• Eval hacks – While some hacker code tries to hide via base64 encoding, some of the newer breeds of hack use alternative methods of hiding their hack code like displaying their code in reverse order so you can’t search for it manually, breaking up the code into blocks of say 5 characters at a time and then combining those, or downloading the code they use from a hacker’s website when the page loads so that the hack code largely isn’t even on your site.
• Server rooting – While many hacks target holes in the security of the website, some hacks target vulnerabilities in the the server.  In some cases this is related to unapplied security patches to your server’s hosting software or operating system.  In other cases, the hacker finds a way to upload “rooting” tools to your server so they can take over the master user account on the server and completely control your server – not just your website.
• Brute force hacks – While newer hacks use more sophisticated methods of detecting security flaws, modern computing power has made it still feasible to try brute forcing your way into a website.  In some cases, the hacker will try brute force to log into your website admin (e.g. WordPress, Drupal, or Joomla).  In other cases, they’ll target your FTP, registrar, hosting, or SSH logins to gain some larger control over your site, your domain, or your hosting control panel.
• Vulnerability probing – In the same vain as brute force attacks, there are also brute force methods of searching for security vulnerabilities.  Either through freely available hacker software or their own custom written malware, if you notice a spike in 404 errors on your site for pages that do not nor ever have existed, it’s likely that your website is being probed for security holes so that a hacker can find one to break into your site.
• Denial of Service or “DDoS” hacks – DDoS hacks are intended for one purpose: to bring your site down. While not the most common type of attack, a DDoS can be devastating for a site owner who does not know how to combat it because a distributed list of requests to your website from all over the world simply overwhelm your site and keep it down until the DDoS is over or you find a way around it.
• Botnet or mass email hacks – Botnet hacks are hacks intended to control multiple servers or websites to distribute some sort of content (emails, website spam, malware, etc). In some cases, a hack will also take over your server by sending thousands of emails out to distribute spam or phishing emails to as many people as possible. Frequently such hacks will find your website and/or email addresses blacklisted and your webhost will often shut down your site when they detect such hacks.
• Vanity hacks – Vanity hacks are when a hacker hacks your site for prestige to show that they can hack sites. Usually these are denoted by messaged that say “hacked by…” and the name of the hacker.
• Fraud or data theft hacks – For sites with large lists of users or that contain e-commerce or donation components, hackers may also try to break into the site to steal user or credit card data, put a tap on credit card forms to steal credit card info on the fly as your site processes credit cards, or even in some cases to buy from or donate to you using your online e-commerce or donation components to test a bunch of stolen credit cards.

It can.  Google and other search engines do understand that getting hacked is not necessarily your fault, but they also have to protect the people they would otherwise send to your site.  Once they find out that you have been hacked, they warn people about that before letting them visit your site.  If you don’t address the problem quickly, they may also dock your search rank.

It depends on the hack.  If the hackers simply added some code or files to your site, it’s usually pretty quick to remove that. If they have done damage to the content or appearance of your site or if they have infected your server/hosting with malware also, it’s a much more complicated fix.  In many cases, the hack can be removed, your site can be upgraded to more modern security practices, and Google can be notified about the hack repair for only $250.  Once you submit your site information to us, we can investigate provide you with a more exact estimate based on your unique situation.

Yes and no.  Yes, restoring your site from a backup will make the problem go away temporarily.  But if you determine how the hackers broke in and block them from getting in that way, you will typically just get hacked again within the day or two after you restore your site.

Yes and no.  Yes, there are tools that can identify and remove hacked files, but those tools won’t also fix the source of the hack and that means the hackers will be back and will just hack your site again.  What we provide differs as we not only clean up the initial damage, but also stick with you to determine the cause of the hack so we can block the hackers from getting back into your site again. Especially if you’re running ongoing SEO or marketing campaigns, it is crucial to make sure you don’t keep getting hacked over again.

During the repair process, it is possible to get hacked again, but once we’ve identified the cause of the hack and blocked it, you won’t be able to be hacked again unless another cause arises that is not quickly addressed.  In addition to repairing the hack, we can also monitor and address such issues for you on an ongoing basis so you don’t even have to think about the security components of your site.

Yes.  Once we have identified the cause of the hack, we can block it.  As technology changes, though, other security holes may pop up, so it’s important to stay on top of the security on your site all the time.  If you like, we can handle that ongoing maintenance for you as well so you can focus on what matters most to you – running your website rather than fixing it.

The most common causes of website hacks is running old versions of your CMS (WordPress, Drupal, Joomla, etc), old or unsupported plugins/themes, or shoddy customizations done by another freelance programmer.  That said, most CMS systems have core vulnerabilities intentionally in place because plugging those security vulnerabilities is either a different process for different hosting platforms or will likely cause side effects with a common collection of plugins and themes.  If you’re afraid to run updates because it can break things as well or don’t know what to do, we can also maintain that for you with our ongoing security and maintenance plans.

Yes we do.  If you have a clean/unhacked WordPress, Drupal, or Joomla website and just need someone to ensure that it stays that way, we can take over the routine maintenance and security of the site.  Our maintenance plans include:

• Monthly WordPress/Drupal/Joomla, plugin, and theme updates
• Tweaks to your site and theme to fix small incompatibilities or breakages that arise from installing updates
• Monthly website backups
• Ongoing hack and malware monitoring
• Free hack repairs during the life of the maintenance program

Pricing on our maintenance plans runs $30/month or $330/year (one month free when paid annually).

Yes.  A lot of our clients have coupled our security and maintenance services with their own maintenance, marketing, development, or design services.  Others simply need someone to turn to if their clients websites get hacked.  For questions about reselling our services or to get a copy of our maintenance agreements for use reselling our services, contact us at [email protected] or call us at 405-562-6360.

Yes.  One of the more common things that we do here at UnHack.Net is rebuild websites in the “correct way”.  Frequently self proclaimed “CMS experts” will try to extend your website by building custom plugins for features that already exist inside your CMS, by using raw PHP code to “shell your CMS” for a custom theme, by using a super powerful PHP framework for a basic website instead of a using a CMS, or by sandwiching your CMS into another part of a custom site they have built for you.  Most of these methods are completely unnecessary and amount to an insecure website that feels like a “house of cards” even for the people using your site that know nothing about coding. If you need a quote for a site rebuild, email us at [email protected] or call us at 405-562-6360.

Yes.  We can run security audits for your website, your server, your web application, or any combination of those.  For help with a security audit, email us at [email protected] or call us at 405-562-6360.

Not at this time.

If you host your email accounts on the same server that you host your website than many times we can help, yes.  Ultimately, it depends on your unique email setup as to who has the ability to help.

In most cases, no.  If you’re social networking account(s) have been hacked, the best source of help will be contacting that social network to let them know and ask them for assistance.<