You Have Been Hacked! How Did My Site Get Hacked?
You have a site called myperfectsite.com, and on your perfect site you keep all of your security in perfect order. You are certain that there is no possible way for your site to get infected with malware. Your server host offers you unlimited domains. Your first site is doing very well, but you want to incorporate some changes, so you start a second site called mytestsite.com.
On your new site you try new plugins and features that you plan to use on myperfectsite.com, but after a while you forget about mytestsite.com. You do not update the site or the plugins you have on it, but you still keep it as a live site just in case you need it again in the future.
So a hacker comes a knocking on your door, and with every brute-force attack they are not able to get into myperfectsite.com. Your security is tight, and no matter what form of attack they use, they are not getting into your site. They do a search on your IP address and find that you have shared hosting and the site mytestsite.com. Using the same techniques as before, they find a vulnerable plugin that has not been updated, and they are able to gain access.
The first thing that you are going to think is, “That’s on the test site, it shouldn’t matter!” Correct? That is incorrect. Even though myperfectsite.com was secure, it is now infested with viruses, and the home page has a graphic saying, “This Site Will Infect Your Computer!!” for all visitors to see.
Both sites are on the same shared account and are managed by the same user. If there is a vulnerability on either site, it may be used to attack the entire account. Once on the server, the attacker was able to introduce malicious code, ranging from backdoors to actionable code. Like a virus, the code replicated and inserted itself into every file it could find.
What to do, what to do? You hire an expert to come in and clean out all the malicious code and backdoors, and finally your site is working again. You are happy that everything is back to normal when, within the next hour, everything reappears.
The reason for this is simple. A virus spreads, and malware can spread as well. It will duplicate itself and hide in directories you never check or care to look in. The file could also be named something that looks like it’s supposed to be there. You would be afraid to remove it, not knowing whether the consequences would be devastating or not. Scrubbing your database may be your only solution to the problem.
I give you this information to stress the importance of keeping regular backups of your site and database. If you have multiple sites on a shared host, make sure that all sites are secure to ensure that this does not happen to you.
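One way to put a regular backup to work is to compare every file on the shared account, across all sites, against the known-good copy, so planted or altered files show up even in directories you never check. This is an added example, not code from the original article; the function names, directory layout, and file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the account tree
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return digests

def diff_against_backup(backup_root, live_root):
    """Compare the live account tree (all sites) with a known-good backup."""
    good, live = snapshot(backup_root), snapshot(live_root)
    return {
        "added": sorted(p for p in live if p not in good),
        "modified": sorted(p for p in live if p in good and live[p] != good[p]),
        "missing": sorted(p for p in good if p not in live),
    }

def write(root, rel, body):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(body)

def demo():
    """Constructed sample: one account holding both sites from the story."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (backup, live):
            write(root, "myperfectsite.com/index.php", b"<?php echo 'home';")
            write(root, "mytestsite.com/plugins/old/plugin.php", b"<?php // plugin")
        # Constructed stand-ins for an infection: one altered file, one planted file
        write(live, "myperfectsite.com/index.php", b"<?php echo 'home'; // altered")
        write(live, "mytestsite.com/plugins/old/cache.php", b"<?php // planted")
        return diff_against_backup(backup, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Point `diff_against_backup` at the whole account directory rather than a single site's folder, so the forgotten test site is included in the comparison.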