When domains get hacked, the attackers often launch malicious processes that consume a great deal of CPU time and so increase the load your user places on the machine. High load does not necessarily mean that your sites are hacked, but they could be. To ensure that your user is not compromised and contributing to server load unnecessarily (and not engaging in the illegal activity typically associated with these types of hacks), we ask that you review the following and act accordingly.
Most commonly, exploits of this nature occur through known vulnerabilities in outdated copies of web software (blogs, galleries, carts, wikis, forums, CMS scripts, etc.) running under your domains.

To secure your hosting site you should:

1) Update all pre-packaged web software to the most recent versions available from the vendor. The following site can help you determine if you’re running a vulnerable version: http://secunia.com/advisories/search/
- WordPress installations need to be updated to the latest release.
- Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.
You should check any other domains (if applicable) for vulnerable software as well, as one domain being exploited could result in all domains under that user being exploited due to the shared permissions and home directory.

2) Check your software control panel for outdated or unauthorized plugins/mods/components/etc. if applicable. Some exploits can add new plugins/components that continue the infection even if you’ve updated the core software version. Some plugins can themselves be the source of vulnerability, so it’s a good idea to ensure you’ve got the latest versions possible.

3) Go through all files under the affected user and look for anything that may have been modified or placed by the hacker. It is common for the intruder to place extra PHP blocks, iframes, JavaScript, tags, etc., frequently at the top or bottom of otherwise legitimate files. Often this code is obfuscated or encoded such that you cannot tell what it does simply by reading it. Also note that hackers often leave behind shell/backdoor scripts that they can later use to re-exploit the site even after all other vulnerabilities have been patched. Often these scripts are given innocuous names like “cache.php” or “template.php”, or the name may be more direct, which is a dead giveaway.
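
One way to triage the file review in step 3, as an added example that is not part of the original article: a Python scanner that walks a directory and reports web files containing encoded-code or hidden-iframe patterns, noting whether each hit sits at the top or bottom of the file. The indicator patterns, the file extensions and the five-line top/bottom window are assumptions chosen for this example; a hit means the file needs manual review, and a file without hits is not proven clean.

```python
import re
import sys
from pathlib import Path

# Heuristic indicators (assumptions for this example, not an exhaustive list).
INDICATORS = {
    "eval-of-decoded-data": re.compile(
        rb"(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        rb"<iframe[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b|display\s*:\s*none)", re.I),
    "long-encoded-string": re.compile(rb"[A-Za-z0-9+/=]{400,}"),
}
WEB_SUFFIXES = {".php", ".phtml", ".html", ".htm", ".js"}
EDGE_LINES = 5  # how many lines count as the "top" or "bottom" of a file


def scan_file(path):
    """Return (indicator, line_number, position) findings for one file."""
    lines = path.read_bytes().splitlines()
    findings = []
    for number, line in enumerate(lines, start=1):
        position = ("top" if number <= EDGE_LINES
                    else "bottom" if number > len(lines) - EDGE_LINES
                    else "middle")
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((name, number, position))
    return findings


def scan_tree(root):
    """Map each suspicious web file under root to its list of findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            try:
                findings = scan_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if findings:
                report[str(path)] = findings
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, findings in scan_tree(root).items():
        for indicator, line, position in findings:
            print(f"{name}:{line}: {indicator} ({position} of file)")
```

Run it against the home directory of the affected user, then compare every flagged file with a known-good copy from the vendor's release or your own backup.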