Help - Hackers have taken over my site!

Well, kind of. I was notified by Google that there has been phishing pages uploaded on my website that, of course, I did not initiate. I went through the access logs and saw when and how they were uploaded - through a shell script!

I was able to trace and delete 3 different shell scripts located at various locations on my site, but as I keep looking, it seems they are everywhere. Is there any way I can do a site-wide malware scan that would pinpoint these buggers so I can get rid of them?


You can simply contact your hosting provider and ask them to check server logs to identify hacker but first change your hosting account login credentials as well as FTP account password.

If your site content is static and hasn’t been updated from a while restore a backup from before the problem started and change all passwords. If not, you will need to be VERY careful to clean everything up. This can be easier in Wordpress and some other CMS as you may be able to compare your file structure with a clean install and see where the changes have been made.

Changing password wont help if you have a virus … It usually read ftp accounts from your FTP client…

  1. delete all stored passwords
  2. clean up your computer (or if anyone else had ftp password ask from them to clean their computer too)
  3. change password(s)
  4. see what actually is changed and use backup to restore it…

Keep in mind that sometimes crackers will upload .htaccess file instead editing your site files and all problematic code will be inside .htaccess.

First, change your passwords.

Second, contact your hosting provider about the situation.

Third, make sure all the software is up-to-date. That includes apache, PHP, MySQL, wordpress, forum software, etc