What happens if my website is hacked?
Posted by Helpdesk Admin on 13 August 2009 08:24 AM

 

Unfortunately, website hacking and other compromise is an ever-increasing problem. As your host, we provide a baseline secure environment by ensuring that our machines are regularly patched and updated, and that the versions of software we run are not known to be susceptible to compromise. Additionally, our hosting systems are designed to ensure that, to the maximum extent possible, a compromise on one customer's site will not affect another customer.
However, because a customer can upload applications or content that we have no control over, the responsibility for all uploaded content and applications rests firmly with the customer. 
Having your site hacked or otherwise compromised is not a trivial matter. At the very least it will result in your site being deactivated and archived, so it will be unavailable for a significant period of time. You will also have to expend time & cost in repairing and/or securing your website against repeat compromise. If your site stores personal information about your customers or members etc, there may be data protection implications and possible liability issues. If the compromise includes phishing or fraud perpetrated on others, then this may involve law enforcement agencies, evidence gathering, etc.
We do not routinely scan customer websites. However, we may from time to time become aware that a customer's site has been compromised.
Such notifications may arise from a number of sources including:

* Third parties that are the subject of attacks or probes from your website
* Third party security companies acting for banks or other institutions whose customers your site is targeting (phishing)
* Email recipients or providers that see large amounts of email spam originating from your site
* Search companies (such as Google) that identify malware or dangerous content on your site.
* Customer or other reports that their site is not working

Our procedure, upon receiving such notification, is quite straightforward:
* We will conduct an initial examination of your site including logs, suspicious files and any information provided by the notifier.
* If any compromise or other AUP violation is evident, we will deactivate the site immediately.
* We will examine site files and logs to identify the likely source of compromise*
* We will remove and archive the site files as a zip or unix archive - we will place this in the site root directory**
* We will notify the customer as soon as practicable afterwards.

If your site has been compromised, you should expect the site (and any applications etc) to be unavailable for an extended period of time.

* Identification of root cause is on a best efforts basis to identify the most likely source of the compromise. If an insecure application is identified that has known security vulnerabilities that could have enabled the attack, then we will not usually dig any deeper. If multiple vulnerabilities or compromises are evident, we will investigate only to the extent that we identify one potential source of compromise.

** Once compromised, all code and other files on the website should be treated with the utmost suspicion. Hackers sometimes make modifications to seemingly innocent files and reset time & date stamps so that they look identical to the original and are not obviously modified. For this reason, we forbid the unzipping of the archived site on our servers, and likewise you may not re-upload any programs or scripts that were contained in that archive. The reason we make the archived site available to you for download is only for the purposes of retrieving images or other media files that might not be available locally to you.
In most cases, where the site is based on third party applications or components, it will be necessary for you to rebuild the site using the latest known secure version of the application, and to apply any security patches or configurations recommended by the vendor. Where the site is of bespoke design (in-house or contracted developer) you will have to conduct a detailed security assessment of the application and confirm to us that the vulnerability has been removed before you restore the site from your own known-good copy.
The archived site may be of assistance in rebuilding your site locally. Additionally, we do not usually remove database content, but please be aware that your database content may have been altered or downloaded and that it may contain malicious or dangerous content, so it should be thoroughly checked before being reused.
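The point above about reset time and date stamps, as an added example (not part of the original article or the host's tooling): run locally on the downloaded archive, it compares the archive with your own known-good copy by SHA-256 instead of by size or timestamp, reading zip members in memory without unpacking them. It assumes both copies are zip files; the function names, file names and contents are constructed for illustration.

```python
import hashlib
import io
import zipfile

def manifest(zip_source):
    """Map each file in a zip to (size, timestamp, sha256), reading members in memory."""
    out = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                digest = hashlib.sha256(zf.read(info)).hexdigest()
                out[info.filename] = (info.file_size, info.date_time, digest)
    return out

def compare(known_good_zip, archived_zip):
    good, bad = manifest(known_good_zip), manifest(archived_zip)
    report = {"added": [], "missing": [], "modified": [], "stealth_modified": []}
    for name in sorted(bad):
        if name not in good:
            report["added"].append(name)
        elif bad[name][2] != good[name][2]:
            # Content differs. If size and timestamp still match, the metadata hides the change.
            same_meta = bad[name][:2] == good[name][:2]
            report["stealth_modified" if same_meta else "modified"].append(name)
    report["missing"] = sorted(set(good) - set(bad))
    return report

def _make_zip(files):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, (stamp, data) in files.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), data)
    return buf

# Constructed sample data standing in for a known-good copy and the host's archive.
STAMP = (2009, 8, 1, 12, 0, 0)
KNOWN_GOOD = _make_zip({
    "index.php": (STAMP, b"<?php echo 'home'; ?>"),
    "contact.php": (STAMP, b"<?php echo 'mail'; ?>"),
    "img/logo.png": (STAMP, b"\x89PNG-sample"),
})
ARCHIVED = _make_zip({
    "index.php": (STAMP, b"<?php echo 'h0me'; ?>"),  # same size and stamp, new content
    "contact.php": ((2009, 8, 12, 3, 0, 0), b"<?php echo 'mail'; /* x */ ?>"),
    "img/logo.png": (STAMP, b"\x89PNG-sample"),
    "img/cache.php": (STAMP, b"<?php /* not in known-good copy */ ?>"),
})

if __name__ == "__main__":
    print(compare(KNOWN_GOOD, ARCHIVED))
```

Files reported as `stealth_modified` are the case the article warns about: a listing by size and date shows nothing, and only the content hash reveals the change.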
In all situations, the site owner is required to confirm to us the measures taken to address the issue before the site may be placed live on our servers. 
Note that in the event of website compromise resulting from customer-supplied application or content, we reserve the right to charge the customer on a professional services* basis for any support time required over and above the steps outlined above. This includes time expended in retrieving content, assisting in the restoration of the website, conducting further investigations into the source of the compromise, or interfacing with law enforcement or security consultants regarding the incident. In the case of a second or subsequent compromise, whether related to the original incident or not, all support time expended will be billed to the customer.
*Professional services support time will be billed at the rate of €95 plus VAT per hour or portion thereof, plus any expenses incurred in the delivery of such service.

The following link may also be useful: How can I stop my website being hacked or compromised?