Website and Email hacked

[Calibretto]

Hey everyone. I run a small website for the newspaper at my university. I just got an email from the publisher saying the website has malware on it. I then go to the website to see what's going on and the site has been blocked saying it's a "reported attack site." I've done some research on this and decided the best option is to reinstall the entire website to get rid of any malicious code. I'm in the process of doing that now.

I then get another email from the publisher saying the email accounts aren't working. Is it just me or does it seem like the entire hosting account got hacked and not just the website?

 

[sometechieguy]

Could be either really but I would be sure to notify your web host and ask them to let you know if it was just your site that was compromised. Often times one site on a shared web server is compromised only as a foothold to try to gain root access to the machine.

That said there's plenty of damaging fun a hacker or spammer can have without needing root access.

True the easiest way to be sure you're rid of malicious code is to reinstall the entire website and restore a backup of your database. However before you do this it's good to dig around and find potential points of entry - software/scripts left by the hacker - look at the file creation dates and establish how long the machine may have been compromised for.

I've seen systems that were hacked for 3 weeks before the hacker ever chose to do anything with them. So if you find your machine was hacked weeks ago you'll want to look at older backups of files (if you have incremental backups)