my website has been hacked

Posted on 2011-09-05
Last Modified: 2013-11-16

My website has been hacked and now most of the links in the menu are gone there are only 2 left.  Also an email was sent from the infor address to all the subscribers it wasnt sent by us it was the hacker the email said
Dear Natasha McDonald,


To unsubscribe click here 


The Beaufield Mews

 can someone help me get rid of this.

Question by:natashamcdonald
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 18

Expert Comment

by:Sudaraka Wijesinghe
ID: 36486030
Do you have access to your server or the hosting account? If so, I suggest you change your access credentials immediately and restore the web site from a backup.
If you don't have access to the server you may try to get the access back by contacting your service provider. You will need to prove that you are the legitimate owner of the web site.

Expert Comment

ID: 36486098
Also after the actions above, check your website for security leaks else the hacker can strike again.
LVL 19

Expert Comment

ID: 36486117
Who is hosting the account?

When was the last valid change you made to the site?

Can you request that the hosting company restore the site from a backup?

SendBlaster Pro 4 - Bulk Email Sending Software

SendBlaster 4 Pro - Best Bulk Emailing Sending Software
Automatic Subscribe / Unsubscribe Processing
Great for Newsletters & Mass Mailings
Optional HTML & Text Composition
Integration with Google Features
Built in Spam Score Checking
Free Professional Templates - Feature Packed!

LVL 27

Expert Comment

by:Cornelia Yoder
ID: 36486173
And when you have the website back, find a new webhost with better security.
LVL 19

Assisted Solution

Michael701 earned 250 total points
ID: 36486281
yodercm: I'll bet it's more the users weak passwords, not using SFTP and SSH for changes. Get your passwords at

Expert Comment

ID: 36486361
there is no database usage from your site, its not by sql injection, i doubt it was password weak or leak by backdoor from your pc.
LVL 15

Expert Comment

by:Giovanni Heward
ID: 36486443
Google reconnaissance shows -- it's possible the attacker gained access here using weak passwords (or via


Author Comment

ID: 36489919
Hi Thanks for all you comments i have reloaded the files from my laptop but it hasnt got rid of the problem i dont know how to get rid of this can anyone help me?

Assisted Solution

crazedsanity earned 125 total points
ID: 36490122
What are you trying to get rid of?  If the site is backed by a database (which most modern sites are), then it could be that something has been changed in the database itself: reloading old PHP/config files won't do much; instead you'll have to reload an old copy of the database itself.

Once something has been sent via email, it is a safe bet that they'll be archived forever by something.  Also, once the subscriber list has been taken, there's not much that can be done: if the "hacker" is smart, they'll save it somewhere instead of relying on continued access to the site/database to retrieve it.
LVL 19

Accepted Solution

Michael701 earned 250 total points
ID: 36490255
Are you SURE you got your copy uploaded? I have a feeling that the website index.php may have had it's rights changed. I'd first try to erase the website version, then upload yours.

The html source only had the two links. This could be because of something in your php code. If it doesn't get fixed, post you php code here for review.
LVL 18

Assisted Solution

by:Sudaraka Wijesinghe
Sudaraka Wijesinghe earned 125 total points
ID: 36491070
Please check and make sure the backup you restored from (on on your laptop) was taken before the hacker attached the web site.
If you have any older backups which you are know for sure that is from before the hack.

Maybe try to bring up the site on another server or on your laptop itself to make sure.
LVL 27

Expert Comment

ID: 36902241
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This article discusses how to implement server side field validation and display customized error messages to the client.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question