Hello, A godaddy shared hosting is hacked and hacker : - changed the .htaccess to htaccess.txt and no joomla website is working because of that. - indexes of wordpress website are all changed - In every subdirectory there is a new folder called "Root" and when I open it, it redirect me to the root of the hosting. When I try to delete it, it start to delete everything. - non-wordpress and non-joomla websites are not affected. What will be the cause of the hack apart from password hacking. how to delete this "root" folder. how to prevent hosting from being hacked by the same reason. the hacker said the the sfe mode is off. how can force all the accounts to to be ON And thank you
Restore from a clean backup or run some secure scans and check access logs. That is how we fix a hacked site or when a hacked client moves over to our servers, we scan and check their sites then lock them down so they cant get hacked.
You may wish to talk to your host. It could be a hacked server if the permission on symlink do not match. We ended up applying some custom patches to block the symlink exploits.
You may want to consider using Kaspersky or some other enterprise level solution to protect your personal computer. Be sure you run a full virus scan on your computer. You should also consider checking for adware and other malware. Once you know your personal computer is clean, change the password on your hosting control panel.You may also want to log into your hosting control panel and change permissions on all your files and folders to 644. 644 means only people logged in as your can change any files on your website.Also, you may want to verify you have the latest version of WordPress and Joomla. It could be you have older versions that have already been hacked.To take your security to the next level, consider getting a solution like McAfee Secure Site to test your website and find all the cross-site scripting problems. You will likely find a lot in the open source software. Cross-site scripting problems open the door to your website allowing hackers to put your website in the condition it is currently.I hope this helps.Johnny Mazuma