Action Plan for a Hacked Site


#1

Hi

Just logged on to find our site has been hacked and am looking for an appropriate course of action (yep, wasn’t prepared for it happening to me).

I’m thinking I should deactivate http on the domain until we have things fixed. That won’t cause me to lose any files, will it?
I have current site and db backups but want to be sure I find the vulnerability and close it before we go back to live.

If anyone has any tips on a proper course of action, I’m all ears.

Thanks in advance,

Polecat


#2

First and most importantly, contact support ASAP.

Then the next question becomes what was hacked: are you running any scripts? If so, are they outdated?

If not, then have you been on a public network where someone could have sniffed your password? If that is the case, I would disable the shell user and just make it FTP and change the password. The last thing you want is someone to have access to your shell account.

happylittlethings.com


#3

Thanks for the speedy reply!

I’ve contacted support, suspended http service to the domain in question and am downloading the site’s logs.

It’s a site based on PostNuke .750, so it’s running scripts, but they should be fairly current. The site was rebuilt from an older version of PostNuke (.721) and went live about a month back.

I don’t think I’ve accessed any of it from a public network, but I’m changing all the accounts to be safe.