Afrihost seems to like adding password protection to your site if it is hacked. The banner that they set usually says "Access to this site is restricted. Contact support or login."
You usually get hacked if ...
-
you used a dumb password (e.g. admin123) (that's a poor password)
-
your desktop is hacked (and someone is running about with your FTP credentials)
-
you installed some amazing software which has gaping holes in it (pretty much any software, actually)
-
you installed a plugin or theme with gaping holes
-
you got hacked somewhere else and you copied the hack
Hackers like to ...
-
leave a backdoor shell so they can return (a php snippet that does whatever they ask it to...)
-
leave another 5312 backdoor shells called things like "index.php" and "includes.php"
-
leave another 1 different kind of backdoor shell
-
rewrite every single php file on your account to include "give away access to the evil man"
-
add their own admin user
-
add a few directories to host evil content (e.g. phishing)
-
add links to your themes and things that make your site advertise ... various things
-
send people using specific browsers away from your site to somewhere that they will get hacked - by putting redirects in your .htaccess file
-
deface your site entirely so it says "hacked by awsum" (but not very often by awsum, and not very often, because it gives the game away)
-
send spam
-
send more spam
-
wait a long time after hacking your site, and then strike...
-
send more spam
Once your site has been hacked, security purists will tell you you cannot trust it. They're mostly right. (Actually, security purists are scared of talking to you, in case they get a virus from you, so just believe me.)
This means you should save what you can and start again from reliable sources:
-
Log in to the using the user name and password (if your site is really evil now, you might get your desktop hacked). If you don't have a password, set one using cpanel
-
Make a backup of your database
-
Make a backup of your images on your local computer
-
Delete everything on your site (maybe move it to a directory called t2ht429hddjfaodskaosig2hg if you're nervous)
-
Reinstall your software from up to date and reliable sources (i.e. not "DOWNLAODS THEMES FOR UR CMS HERE")
-
Restore your images and databases (you did back them up, didn't you) (If you didn't make a backup, go back to that step ... oh wait ... um, that's not going to work)
-
Set proper passwords (no really, don't skip this step)
That's what you *should* do. What most people actually do is that they delete a few recently modified files that they believe represent the whole of the hack, and then wonder why their ISP keeps on stomping on their account. It does help, of course, to make sure that whatever the hacker did to get in the first time can't be done again.