A hacked website. The sequence of actions?

In The Security Council. my website has implemented a spam mailing list.
"On behalf of your user has been locked for spamming. The ability to send emails from the server is locked."
"The implementation of spam going through scripts sites account. "

Most likely there is a standard procedure that is performed in this case. What would you recommend? And how to protect themselves in the future.

Hosting timeweb.ru (if necessary)

October 3rd 19 at 01:50
5 answers
October 3rd 19 at 01:52

1. Or when you do not save the password in the browser from the web hosting control panel
2. Or when not to save the password of user admin of the site
3. Or when you do not save the password in the programs through which you access the FTP
4. Change your password at least once a month
5. The password must be [a-zA-Z0-9]

The actions which now need to be made.
1. to change the password on all that is connected with the control Panel, Ftp, and control Panel on the website
2. to check the site for vulnerability

Never confuse "no" and "no". Sorry, escaped. - lelah.Sporer64 commented on October 3rd 19 at 01:55
October 3rd 19 at 01:54

Second paragraph - details.
Passwords, of course, changed immediately.

October 3rd 19 at 01:56

It is desirable to check the files for suspicious code

October 3rd 19 at 01:58

After changing the passwords, where possible, should:

1) Save everything possible (a full dump of code, database and logs)
This is done for further analysis - determining the reasons for and details of hacking(script, date and time of the hacking site + the IP of the attacker )
2) to Restore the site from backup (base scripts etc)
3) analyse the stored data from paragraph 1
4) Eliminate a vulnerability through which the website was hacked.
You can still until the analysis is complete to try to upgrade to the latest version of scripts
if you used something standard (Wordpress for example)
5) to Conduct a comprehensive audit of the website for vulnerabilities
Here is looking or artists are sensible and service is good.
6) First time special attention to the server logs because the probability of re-attempts of breaking of site will be very high

October 3rd 19 at 02:00
If still relevant - the security audit of the website, check the integrity of files and scripts of the website, indicate in what way could spread to Your property.

Find more questions by tags SpamInformation security