Accredited Registrar Accredited Registrar

Frequently Asked Question

FAQ / Basics

What is meant by Gumblar Attack?

What is meant by Gumblar Attack?

The term Gumblar Attack means that some other person have entered into your FTP or Cpanel account and have uploaded any unwanted code or file.

If you view the message Reported Attack Page! while launching your website, it means that your website is hacked by means of gumblar attack. Someone might have uploaded any unwanted files to your website. This can make your site as a Deceptive/Phishing Site. So you need to clean up the files in FTP, then change the password for both FTP and Cpanel. If you have backup, then delete all the files from public_html in server and upload the fresh files.

Steps To Retrieve / Prevent your site from Gumblar attack :

1. Clean up the files : Delete unwanted files or harm files found in your site,and put fresh files from your backup

2. Change your FTP password (select strong passwords)

3. Do not store password information in FTP clients (like using quickconnect options found in Filezilla) and do not use browsers for FTP connections

4. Make sure that the machine you use for FTP uploads is clean (must not contain any malwares) and is not used for browsing harmful sites

5. Request Google and Firefox to de-list your site from the vulnerable site list maintained by them. (Click here to place de-list request)

6. If you are using Linux hosting always select SFTP protocol in filezilla while connecting server.

How this faq is helpful:

Not at all
Not much
Some what

What could be better? (Optional)
  Not related to my issue
  Too complicated explanations
  Too much information
  Incorrect information
  Unclear information
  Incomplete information
  Too old information
Do you have any other feedback about this faq ?