When a site is online, it might become a victim of malicious attack (hacking). Below, we will see the reasons causing such attacks, the actions you should take to restore the issue, and how to avoid it in the future.
First, you should restore your site to a date when it was functional. You can do this through your
myTophost Panel.
Reasons that might have caused the hacking and actions to take:
- The web application you used might have had a security vulnerability.
In this case, you should upgrade your application to its latest version.
- Passwords have been compromised.
You should change all passwords related to your hosting (FTP/plesk/databases/administrator environment of the application).
- The web application or its plugins and themes have not been upgraded to their latest versions.
You should upgrade your plugins and themes to their latest versions.
- There is malware on your PC.
You should scan the computer from which you upload and download files to your site.
- You are using pirated or unofficial software.
The programs you use should not be pirated and should be supported by your computer's operating system.
- Incorrect permissions on files or folders.
Check the permissions of the files on your site. Files that anyone can write to (have full permissions or 777 and appear in the corresponding column as "rwx rwx rwx" in Plesk's File Manager) are considered major security risks. In most cases, your files should have 755 permissions (or "rwx r-x r-x").
Why would someone attack my site?
Someone may want to use your space for illegal activities, such as sending spam (unsolicited emails) or stealing information through "phishing". These activities affect the server's service reliability. For example, if a site sends spam, the server's IP address might get blacklisted, causing email delivery issues for all sites hosted on that server. Often, complaints (abuse) are sent regarding phishing pages or spam sent from the data center.
What can I do to avoid problems in the future?
In addition to the above actions, it is advisable to install a security plugin. Below, we will see options for two of the most popular CMS, WordPress and Joomla.
If you are using Joomla, you can find security extensions
here.
If you are using WordPress, you can find security plugins
here.
Finally, there are sites like
Sucuri, where you can enter your site and click
scan your site to get a detailed report on any malware on your space.