Site hacked – what to do?

How was your website hacked? Here are several possible scenarios:

1. If you have your FTP details stored locally on your computer, someone may have stolen them using various Trojan horses, spyware, etc. Several times in the past attackers used stolen FTP credentials to successfully pull off a large-scale attack.
A solution in this case would be to run a full scan of your computer and change your ftp credentials from the Site Management > FTP Manager on your web hosting control panel. Also be careful when you enter login information on public computers.

2. Someone used your hosting control panel password and hacked your website(s) – this case is quite similar to the above one and the solution here is an immediate update of the account password, which could be done from the My Account > Change Login Credentials.

3. If you are using any scripts for your website, incl. systems like Joomla, WordPress, etc., the site may be hacked with various methods like database injection, remote file inclusion and many others that utilize a security hole in a script.
The problem with open-source applications is that everyone has access to their code, which allows hackers to find security holes, especially if the applications are not updated regularly and/or different add-ons of unknown origin are installed.
This is a topic that can be widely discussed, and there are many materials providing more detailed information to be found on the Internet.

In case you find your website(s) hacked, we recommend that you cover these few bases:

1. Getting your site off-line – Take your site off-line temporarily, at least until you know you have fixed things.

2. Damage Assessment – It is a good idea to figure out exactly what the hacker(s) was after.

* Was he looking for sensitive information?
* Did he want to gain control of your site for other purposes?

- Look for any recently modified or created files that you do not recognize or have not edited yourself.
- Check for any suspicious activity on your web hosting control panel, such as newly created email accounts, ftp accounts, etc.
- Determine the scope of the problem — do you have other sites that may be affected?

3. Recovery
- The absolute best thing to do here is a complete re-install of the application(s) you are using from a fresh and updated copy acquired from the script vendor. It is the only way to be completely sure you have removed everything the hacker may have done.
- After a fresh re-installation, use the latest backup you have to restore your site. Do not forget to make sure the backup is clean and free of hacked content too.
- Update any software packages to the latest version. This includes things such as blogs, content management systems, or any other type of third-party web applications installed.
- Change your passwords – the application admin password, the hosting account one, as well as the ftp passwords.

4. Restoring your online presence – Get your site(s) back online and also keep an eye on things, as the hacker(s) may try again.
- To request removal from the list of reported phishing sites, use this form provided by Google: http://www.google.com/safebrowsing/report_error/?tpl=mozilla
- To request removal from the list of reported malware sites, use this one, provided by stopbadware.org: http://www.stopbadware.org/home/reviewinfo
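
The file checks from the Damage Assessment and Recovery steps can be scripted. The following is an added example, not part of the original article or of any hosting control panel: it compares a downloaded copy of the site (or a backup) against a fresh vendor copy of the same application version and lists files that were changed, files the vendor never shipped, and files touched recently. The function names, the two directory arguments and the 30-day window are assumptions made for illustration.

```python
import hashlib
import os
import time

def file_sha256(path):
    """Hash a file in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def index_tree(root):
    """Map each file's path relative to root to (sha256, mtime)."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlinks are skipped here, not followed
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            index[rel] = (file_sha256(full), os.path.getmtime(full))
    return index

def audit_site(site_root, clean_root, recent_days=30, now=None):
    """Compare a site copy (or backup) with a clean vendor copy."""
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    site, clean = index_tree(site_root), index_tree(clean_root)
    report = {"modified": [], "unknown": [], "missing": [], "recent": []}
    for rel, (digest, mtime) in sorted(site.items()):
        if rel not in clean:
            report["unknown"].append(rel)    # not shipped by the vendor
        elif clean[rel][0] != digest:
            report["modified"].append(rel)   # content differs from vendor file
        if mtime >= cutoff:
            report["recent"].append(rel)     # mtime can be reset; only a hint
    report["missing"] = sorted(set(clean) - set(site))
    return report

if __name__ == "__main__":
    import sys
    # usage: python audit.py <site_copy_dir> <clean_vendor_dir>
    for kind, paths in audit_site(sys.argv[1], sys.argv[2]).items():
        for p in paths:
            print(f"{kind:9} {p}")
```

The "unknown" list will also contain your own uploads, themes and configuration files, so each entry needs a manual look rather than automatic deletion. Because modification times can be reset, treat the hash comparison as the reliable signal and the "recent" list as a starting point.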

