Delete all uploaded files and then........

[afieldoutback90]

If I delete all my website files in cPanel (as it has been hacked), can I then just upload a "website under construction" page? If so how long can that page remain there?
A previous post here provides the hacked prevention details and the site address. I don't know how to cure the problem and feel that the best option is to upload something new. Thanks.

 

[Anna]

That'd be fine, just make sure to ONLY delete files/folders INSIDE the folder "public_html".

In general we say there should be a working site within 7 days for new accounts, but technically an under construction page actually qualifies (the main thing is that the user need to replace the default index.html that is provided with new accounts to show they intend to do something with the account).

 

[afieldoutback90]

Thanks for the reply. That might be the best option as I haven't got a clue about this hacking malarkey. It looks like I am going to have to do some research as I don't think anyone else here knows how to help.

 

[essellar]

If you are using static HTML pages with no user input, then somebody managed to gain access directly to your files. Re-uploading your files and changing your cPanel password (and making it a strong password, and keeping it to yourself) ought to clear that up. If you have links to your site elsewhere, such as in forums on the web, and you're using the same password in more than one place, then it can be easy to break in (you'd be amazed at how many sites store passwords in plain text or in an easily-cracked unsalted hash format).

You may also be using a script (JavaScript or PHP) that you didn't write yourself, and which may come with its own built-in exploit, so you might want to go over things before you upload more than an "under construction" page. Free scripts can be nice to have, but only if you know exactly what they're doing -- or if they are coming from a known-trustworthy source (like linking jQuery from the Google APIs site, for example).

Please note that images (JPEGs in particular) can also be exploitable -- there is a lot that is allowed in an image file that has nothing at all to do with creating a picture. If you are using images you didn't create yourself, you might want to run them through something like PureJPEG to remove anything that isn't necessary to displaying the image.

 

[afieldoutback90]

Thanks for the reply.
I'll give it a go.
Have a nice day.