What is the reason for the hack
In most cases, files are infected because vulnerabilities in the website's scripts were exploited.
A hack can also be caused by a malicious program (virus) running on a computer from which the site was accessed via FTP. Such a program could steal the passwords that were used to modify your site files.
Recommendations after a hack
To eliminate the causes and consequences of hacking, you must:
1. Run an anti-virus scan on all computers that have had administrative access to the hosting at least once. If the malware is not removed, it can detect and steal new passwords.
2. Change the passwords for FTP access to the site in the hosting control panel. Do not save passwords in FTP access programs; this will prevent them from being stolen.
3. Check your hosting service for foreign files, as well as for malicious code inserted into site scripts.
When checking, pay attention to:
- files with suspicious names;
- files with a recent modification date (be aware that this date can be faked);
- files with obfuscated (unreadable, encrypted) code.
Extraneous content must be removed.
5. Check site scripts for vulnerabilities and fix them.
The site access log can be used to identify requests that may have exploited vulnerabilities, and those requests in turn point to the unsafe scripts. Pay particular attention to POST requests that are not standard for your site. You should report the hack to the site developers and provide them with the access log.
6. Change the administrator password of the CMS used on the site. Update the content management system (CMS) and installed modules to the latest version.
To resolve these issues, we recommend contacting your technical specialists.
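The access-log review described in step 5 can be scripted. The following is an added example, not part of the original article: it parses access-log lines and reports POST requests to scripts outside the set your site normally receives POSTs on. It assumes the Apache/nginx "combined" log format; the sample lines, paths and the `EXPECTED_POST_PATHS` set are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:01:09 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:04:31 +0000] "POST /images/thumb_cache.php HTTP/1.1" 200 17 "-" "-"
198.51.100.23 - - [12/Mar/2024:10:04:35 +0000] "POST /images/thumb_cache.php?x=1 HTTP/1.1" 200 17 "-" "-"
192.0.2.44 - - [12/Mar/2024:10:06:00 +0000] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:07:12 +0000] "POST /old/upload.php HTTP/1.1" 404 0 "-" "curl/8.0"
this line is malformed and must be skipped
"""

# Assumption: the scripts this site legitimately receives POST requests on.
EXPECTED_POST_PATHS = {"/admin/login.php", "/contact.php"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def unexpected_posts(log_text, expected=EXPECTED_POST_PATHS):
    """Return {path: {hits, ips, statuses, first_seen}} for POST requests
    to paths outside the expected set, so those scripts can be reviewed."""
    found = defaultdict(
        lambda: {"hits": 0, "ips": set(), "statuses": set(), "first_seen": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and non-POST requests
        path = m["target"].split("?", 1)[0]  # compare without the query string
        if path in expected:
            continue
        entry = found[path]
        entry["hits"] += 1
        entry["ips"].add(m["ip"])
        entry["statuses"].add(int(m["status"]))
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(found)

if __name__ == "__main__":
    report = unexpected_posts(SAMPLE_LOG)
    for path, e in sorted(report.items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{e["hits"]:>4}  {path}  statuses={sorted(e["statuses"])}  '
              f'ips={sorted(e["ips"])}  first={e["first_seen"]}')
```

A reported path that answered with status 200 is a script that exists and accepted the POST, so check that file first using the criteria from step 3; include the matching log lines when you report the hack to the developers.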