Once you have purchased the Website Recovery plan that matches the size of your site, a support request(ticket) will be opened to our Website Recovery team. You can pass your Health Monitoring(HM) report to the team via this ticket. The team will analyze the report to identify the areas and scope of the hack. Once the analysis is complete, the team can get to work on removing the injected code. We always recommend you take a backup of your account as soon as you receive the Health Monitoring report. The team can download the files from your account, or you can provide them a copy of the backup you just created. The team will then remove the injected code from these files based on the HM report. They can then either upload the files back to your account, or they can send you a copy of the cleaned backup. You can then restore your account from this clean backup.
The team will then be able to analyze the issue and try and identify the source of the attack. The depth of our analysis on the attack will depend on the access privileges of your webhosting account. Analysis will require access to logs from the Web server, FTP server, Control Panel etc. If your account already has access to these files, the team will be able to check them. Else we recommend you contact your hosting service provider and request for logs related to your account.
With over a decade of experience in the webhosting industry, Bobcares forms a perfect partner to StopTheHacker. Your Health Monitoring(HM) reports are analyzed by a team of engineers, that are available 24/7/365. Depending on when the scan by StopTheHacker(STH) has occurred, and when Google, Yahoo or Bing scan your site, you can even avoid getting blacklisted! However, in the unfortunate event that your site does get blacklisted, do not worry! Within hours of receiving the report, Bobcares will have your site cleaned. You can then contact STH to request for help in removing your site from the blacklists, or ask our engineers how you can request a review of your site.
What is code injection?Code injection can be used by an attacker to introduce (or "inject") code into the code of web pages to change its behavior. Instead of showing your website's content, it could redirect your customers to other malicious websites or even download malicious programs to their computer.
What are blacklists?Once a site has been found to contain such malicious “injected” code, it wont be long before this website is “blacklisted”. These blacklists are maintained by prominent web companies like Google, Yahoo, Bing etc. If your websites gets blacklisted, visitors to your site will get a pop-up warning, informing them that your site is not secure and persuade them to leave. Getting of a blacklist should be your top priority, even better is trying to get your site clean before it gets listed.
- Additional services will be charged at an hourly rate of $25/hr. Based on your requirement, you will be sent a quote for the estimated amount of time.
- Advanced website security enhancement services
Based on the analysis of the STH HM report and the source of the attack, the engineers may recommend website access restrictions, advanced rules in “.htaccess”, mod_security rules(if supported by server). Please note, the work the engineers can do is limited to the privileges granted to your account by your webhost, and the current security settings on the server. If we are unable to make changes ourselves, we can send you recommendations that you can forward to your webhost.
- CMS upgrade/update
If after analysis, the engineers determine that the cause of the hack was a known vulnerability in the current version of the CMS used, they can perform an upgrade/update. Please note, this is only possible with a standard installation of the CMS. Advanced customization of the CMS makes it impossible for the team to guarantee a troublefree upgrade. So please to inform us if you have a customized CMS. We currently support the upgrade/update of Joomla and WordPress. If you are using another CMS, we will let you know if an upgrade/update is possible before sending you the quote.
What will you not get from this package?
- The Website Recovery package does not include modification of the code of your website, other than the removal of the injected code reported by the Health Monitoring report. If the existing code of the website requires modification, our website developers are available to help on an hourly charge of just $25.
- The depth of our analysis on the source of the attack depends on the access privileges of your account on the server. Analysis will require access to logs from the Web server, FTP server, Control Panel. So we recommend you request SSH access to the server for a more detailed analysis or you can collect the related logs for your account from your webhost and send them to us.
- Other than the removal of the injected code, the Website Recovery package does not include any modifications to the site. Based on our analysis, we will send you our findings on what was the possible source of the attack. For more indepth analysis and help, we recommend you request for additional services to improve the security of your site.
Do I have to backup my site?
Yes! We have been in this industry long enough to know the best & quickest ways to clean a website of injected code. However, that very same experience has taught us that there is nothing more important than backing up data before making changes. So please ensure you take a backup of your site before we start working on it.