How to clean up a hacked website with Imunify360
In this article, we will describe how Imunify360 can assist in the cleanup process if your website got hacked.
Prerequisites
Step 1: Analyze the website
The first step is to analyze the website and check if your website is or was hacked. You can do this yourself by checking if there are suspicious files or unwanted plugins in your home directory.
Step 2: Scan the website
You can start the scanning process through the Imunify360 interface “Imunify360 -> Malware Scanner”. You have the option to scan all users or, use the search bar if you want to scan a specific user. To scan all users, click “Scan All” or click the “play” button under “Actions” to scan a specific user.
The scan includes a file/folder and database scan.
Step 3: Updating the website
It’s always recommended to keep your website updated.
Step 4: Malware found?
It can have the following outcomes:
- Website cleaned
- Website clean-up failed
- No malware detected
- No malware was detected but there are suspicious files.
Step 4.1: Website cleaned
If Imunify360 detects a malware, it will try to clean up the website. After the website is cleaned you should see this.
You can click the eye icon to unveil the file content. If you think it was a false positive and the file should not be cleaned-up you can restore it by clicking on the “clock” icon next to the eye. In case it was a false positive, you can also submit the false positive to the Imunify360 team by using this command on the command line:
imunify360-agent submit false-positive <full_path_to_file> --reason <reason>
When cleanup is done but you suspect the website is still infected, feel free to contact the support department of Imunify360.
Step 4.2: Website clean-up failed
In case the cleanup failed, you will see something similar to the screenshot below:
In this case, it’s required to contact the support department of Imunify360 . You can create a ticket through the control panel.
Step 4.3: No malware detected
If no malware is detected no action required.
Step 4.4: No malware was detected but there are suspicious files.
If no malware was found but you detected suspicious files, please log in via SSH and submit the files as undetected malware. You can use the following command:
imunify360-agent submit false-negative /path/to/file
Conclusion
In this tutorial, we’ve explained how you can use Imunify360 to check and clean up a hacked website. In case of doubt over whether your website is or has been hacked, you can contact Imunify360 support.
Leave a Reply