Website Hijacked, Nameservers Changed, Email And Pass Changed

I set up a website for a friend 10 or so years ago and it’s recently been hijacked. Someone gained access somehow, changed the email and password to cPanel, changed the nameservers to point to Cloudflare servers and made a bunch of changes to the layout and website content.

I contacted my hosting co and they said they could restore it to a previous backup, but they said I need to run a scan and fix via SiteLock or another co first. Bought membership to SiteLock and gave them user/pass to cPanel directly through my hosting (rather than through the site, which doesn’t work) but they keep saying the website files aren’t there and the ns are pointed to Cloudflare so they can’t access them.

So, I called hosting co again and explained, they said they couldn’t change the ns because they’re going through Cloudflare, and suggested I contact Cloudflare to have them change them.

Obviously, I don’t have Cloudflare, so I could only get through to an entry level support tech. All they could do was forward my inquiry, which was over a week ago now.

I’m stuck and not sure what to do now. Been out of the game a long time and not up with the times at all.

Any help would be so much appreciated. Just a finger pointing in the right direction would be great. Thanks!

I’m not sure why the “obviously”. Maybe you could sign up for a free plan with Cloudflare, and get better support?

Whoever hijacked the site has the account in question, so I’m not sure why they’d do anything for me as I’m not the account owner, even if I could speak to a higher-level tech.

Are you able to check the Whois details? If those have been changed you will probably need to speak to the domain registrar.

The registrar is showing private but there’s an address I don’t recognize. Domains By Proxy, LLC. Would that be normal if we had it set up as private, or does it sound like it’s been taken over? I’ll probably need her to contact GoDaddy as she’s the account holder. Would they be able to reset the nameservers or does that need to be done through the host? Thanks, as I said it’s been a while.

Nameservers need to be reset by the registrar. If that is some other entity than the host then the host won’t be able to help.
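
The WHOIS check suggested in the thread, written out as an added example that is not part of any post: it parses a WHOIS record, compares the delegated nameservers with the ones the host is supposed to use, and reports which registrar has to reset them. The sample record, `example.com`, the registrar name, the nameserver names and the privacy-keyword heuristic are all constructed assumptions.

```python
import re

# Constructed WHOIS excerpt for illustration only (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Updated Date: 2024-01-15T09:30:00Z
Registrant Organization: Domains By Proxy, LLC
Name Server: NS1.HIJACK-CDN.EXAMPLE
Name Server: NS2.HIJACK-CDN.EXAMPLE
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+)$", line)
        if m:
            key = m.group(1).strip().lower()
            record.setdefault(key, []).append(m.group(2).strip())
    return record

def normalise(names):
    """Lower-case hostnames and drop any trailing dot before comparing."""
    return {n.lower().rstrip(".") for n in names}

def triage(whois_text, expected_ns):
    """Compare the delegated nameservers against the known-good set."""
    rec = parse_whois(whois_text)
    current = normalise(rec.get("name server", []))
    expected = normalise(expected_ns)
    org = rec.get("registrant organization", [""])[0]
    return {
        # Only this party can reset the delegation, not the web host.
        "registrar": rec.get("registrar", ["unknown"])[0],
        "delegation_changed": current != expected,
        "unexpected_ns": sorted(current - expected),
        "missing_ns": sorted(expected - current),
        # Heuristic (assumption): a privacy service hides the registrant, so
        # this field alone cannot confirm or rule out a change of ownership.
        "privacy_shielded": bool(re.search(r"proxy|privacy|redacted", org, re.I)),
        "last_updated": rec.get("updated date", [None])[0],
    }

if __name__ == "__main__":
    # Hypothetical nameservers the hosting company originally assigned.
    report = triage(SAMPLE_WHOIS, ["ns1.host.example", "ns2.host.example"])
    for field, value in report.items():
        print(f"{field}: {value}")
```

To use it on a real domain, paste the output of a `whois` lookup in place of `SAMPLE_WHOIS` and pass the nameservers listed in the hosting account.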