Your name
Your email
Secondary (alternative) email address (optional)
Your affected website(s)
Webhosting company (or companies)
Are all your compromised sites on the same physical server?
Yes
No
Unknown
Have you notified your webhost of the incident?
Your opinion of their helpfulness?
Website operating system
Linux
Windows
Other/Unknown
Website server software
Apache
Microsoft IIS
Nginx
Other/Unknown
Control Panel
cPanel
Plesk
Webhost custom control panel
Other/Unknown
Hosting Plan Type
Shared (many unrelated sites on server managed by webhost)
Unmanaged Dedicated/VPS (you manage the whole server yourself)
Managed Dedicated/VPS (you manage sites, but webhost manages server)
Other/Unknown
Do you process credit card payments directly on your website
or store credit card information on your site?
For PayPal Buy Now or Add To Cart buttons, the answer is No
because PayPal handles the card transaction on their site.
Yes
No
Software your site uses (Check all that apply)
Coppermine
Joomla
OpenX ad server
osCommerce
phpBB
Simple Machines Forum (SMF)
vBulletin
WordPress
Custom PHP code written by you, or for you
Custom ASP or ASP.NET code written by you, or for you
Custom ColdFusion code written by you, or for you
Software and scripts not listed above
Do you have backup copies of all your website files (.htm,
.html, .php, other data files, etc.)?
Yes
Yes, but the backups are old and outdated
Yes, but the backups are infected
No
Do you have backup copies of your website databases (MySQL
databases, for example)?
Yes
Yes, but the backups are old and outdated
Yes, but the backups are infected
Backups not needed because I use no databases
No
When did you first know that the site was compromised?
Is this the first occurrence, or has the site been hacked
repeatedly?
This is the first time
Repeated hacks
Symptoms of the compromise (Check all that apply)
Google says "This site may harm your computer"
Google says "This site may be compromised"
Visitors are redirected to a fake antivirus scan
Visitors are redirected to pharmacy/drug pages
Visitors get AV virus alerts
Pages are injected with spam links to other sites
Site is reported for phishing, with fake logins for PayPal, banks, etc.
Site is reported for sending spam emails
Pages say "Hacked by [hacker name]"
Symptoms not listed above
How many people's computers have password access to the
site for FTP, Control Panel?
Please list the antivirus programs they normally use
Have antivirus scans been done on all Windows PCs, with a
different AV program from their normal ones?
Yes
No. (If not, please have them do it now.)
Was malware (other than tracking cookies) found on any of
the PCs?
Yes
No
Have you changed the website passwords?
Yes
No
Were the old passwords a) fairly simple, or b) did they
contain any words that can be found in a dictionary?
Yes
No
If the new passwords are weak, too, change them to more complicated ones.
When the incident occurred, were any of your website
programs or plug-ins old and outdated?
Yes
No
Don't know
Are all your website programs, modules, and plug-ins
upgraded to their most recent versions now?
Yes
No
Don't know
At the time of the compromise, was Secure Shell (SSH, remote console) access to the site enabled/permitted?
Yes
No
Don't know
If you have discussed the incident online (in a forum, for
example), you can enter the URLs (web addresses) here and avoid having to repeat the story
to me. Otherwise, you can use this space to describe the steps you've tried so far to
resolve the problem, and what the results have been.
To give an idea of your experience level, please indicate
which types of things you are comfortable doing. Check all that apply.
Send/receive email attachments
Zip/Unzip compressed files
Edit page with WYSIWYG editor
Edit HTML code
Experience with program code in any language such as PHP, C, etc.
Upload/download files by FTP
Edit .htaccess or other text data files
File support tickets and communicate with your webhost
Make backups of site directories and files (.htm, .php, etc.)
Make backups of site databases (MySQL, etc.)
Uninstall/Reinstall FrontPage Extensions (if applicable)
You have a Google Webmaster Tools account and can use its features
Upgrade your software such as WordPress to latest versions
Use your hosting control panel File Manager
Download, unzip, interpret your HTTP access logs
Download, unzip, interpret your FTP access logs
Understand and follow steps listed in webhost KnowledgeBase articles
Operating system on your own computer (not your website)
Windows
Linux
Mac
Other/More than one/Unknown
The questions in the interview so far have tried to cover in an organized way the
most important standard information that will help to analyze your situation.
Please write here any additional information about the incident and how it
developed. More is better than less.
Recipient
Please type
in this box exactly as capitalized. Otherwise, the form submission will fail and you
will need to use your Back button to return here and try again.