How to handle a hacked domain? | Bluehost Support
  1. bluehost knowledge base

How to handle a hacked domain?

Overview

These steps are taken when a customer's domain is associated with another customer's account. A hacked website is extremely inconvenient for us, and removing a hack can be time-consuming. Below are the quickest and simplest ways to repair and secure their website. 



Check for warnings 

If they have seen "This site contains malware" or "The site you are about to visit contains harmful programs" in relation to their website, there is definitely a problem. To check further, enter their domain name at https://sitecheck.sucuri.net

  •  If their website has been compromised, a warning will appear here. 
  •  No caution? It is less likely that their website has been compromised, but it is still possible. 

Change password 

If their domain/website has been compromised, request that they change their passwords immediately. 

Restoring a backup 

If they have a non-corrupted backup of their website (and database), instruct them to re-upload it to their hosting account. 

Unhack 

It is nearly impossible to manually remove malware from a website in a reliable manner. Consider recommending a service like a Website Security to remove the compromise from their files. 

Gather Documents 

They should have the ownership proof they'll need to enlist the support of this formidable organization in their recovery process that we may need before escalating to the ownership team. It’s a good idea to obtain this documentation proactively: 

  • Domain's registration history - Copies of documents proving their identity as the registered owner of the domain. 

  • Billing records - Payment records show that you have been paying for the domain and that the account is currently paid up. 

  • Payment history - Records of payments that attest to the fact that they have been paying for the domain and that the account is fully funded. 

  • Site Logs - Weblogs and archives of the content from their website that serve as evidence of their connection to the domain. 

  • Listings - Directory listings or marketing materials that link them or their business to the domain include brochures, ads, and directories. 

  • Contact from the registrar via phone or text message - Any correspondence they may have had with the registrar on an administrative or technical matter, such as a WHOIS reporting notice or a DNS change alert. 

  • Tax and legal paperwork - Any business contracts that mention the domain name and tax returns and notices that link them to the domain. 

For further assistance, you may contact our Chat Support or Phone Support via 888-401-4678. You may also refer to our Knowledge Base articles to help answer common questions and guide you through various setup, configuration, and troubleshooting steps.