- Dubai businesses: ecrime.ae — Dubai Police eCrime Portal
- All Emirates: moi.gov.ae — Ministry of Interior eCrime Portal or MoI UAE app
- Critical infrastructure incidents: tdra.gov.ae — TDRA
- National CERT: aecert.ae — UAE Computer Emergency Response Team
- If your website has been hacked, the situation is recoverable in most cases — especially if you have a recent backup. Stay calm and follow the steps in order.
- The priority sequence is: Contain → Assess → Clean → Restore → Report → Harden. Do not skip steps or jump to restoration before containment.
- Under Federal Decree-Law No. 34 of 2021, unauthorised access to computer systems is a criminal offence in the UAE. Reporting to the appropriate authority is both your right and a practical step toward recovery.
- Google will detect a compromised website and may add a security warning to your search listing. After recovery, submit a reconsideration request through Google Search Console to remove it.
- The best time to prepare for a hack is before it happens. See our prevention guide: How UAE Business Owners Can Protect Their Website and IT Assets in 2026.
Discovering your business website has been hacked is alarming. You may find your homepage has been defaced, visitors are being redirected to other sites, your hosting provider has sent a malware alert, or Google Search Console is showing security warnings. Whatever the symptom, the response process is the same — and it is manageable.
This guide walks through the exact steps to take, in order, if your UAE business website has been compromised.
How to recognise a hacked website
🌍 Homepage defacement
Your homepage has been replaced with a different page, often with a political message, hacker tag, or simply a blank defaced page.
➡️ Suspicious redirects
Visitors to your site are being redirected to gambling, adult, or pharmacy websites without your knowledge.
📧 Google Search Console alert
You have received an email from Google stating your site may be hacked or is distributing malware.
🚫 Hosting suspension
Your hosting provider has suspended your account or sent a malware notification after their automated scans detected malicious files.
📈 Unusual traffic spikes
Your analytics show sudden traffic spikes from unusual countries, or your server resources are being maxed out unexpectedly.
🔑 Locked out of admin
Your admin password no longer works, or you find new admin accounts you did not create in your CMS dashboard.
🔍 Google warning in search
Your website listing in Google shows "This site may be hacked" or "This site may harm your computer" warnings.
📩 Spam emails from your domain
Contacts are receiving spam emails that appear to come from your business email address or domain.
The six-phase response process
Contain — take the site offline immediately
Do this first, before anything else
Put the website in maintenance mode or offline
Contact your hosting provider immediately and ask them to take the site offline, or use your hosting control panel to suspend the website. If you have access to your CMS, enable maintenance mode. This stops malware from spreading to visitors and prevents further data extraction. Do not leave a compromised site running while you investigate.
Change all passwords immediately
Change the passwords for: your hosting control panel, CMS admin account (WordPress, Joomla, etc.), FTP/SFTP access, database access, and your domain registrar account. Use unique, strong passwords for each. Enable two-factor authentication on every account that supports it. Do this before you do anything else on those accounts — the attacker may still have access.
Do not delete anything yet
Preserve the compromised files as evidence. Do not rush to delete malicious files or restore from backup before you have assessed the situation — you may need the evidence for reporting to UAE authorities, and understanding how the attacker got in is essential to preventing reinfection.
Assess — understand what happened
Before cleaning, understand the scope
Check your hosting account for malware scan results
Most hosting providers including GoDaddy cPanel run automated malware scans. Log into your hosting control panel and check the security or malware scan section. This will typically list affected files with timestamps, giving you a picture of when the compromise occurred and which files were modified.
Check Google Search Console for security issues
Log into Google Search Console and check the Security Issues section. Google will detail the type of issue detected — hacked content, malware, social engineering — and which pages are affected. This helps scope the damage and is useful evidence for your report.
Check your server access logs
Access logs record every request made to your server. Review the logs around the time of the suspected compromise for unusual patterns — repeated requests to admin login pages, requests from unfamiliar IP addresses, file upload attempts. Your hosting provider can help you access these logs if you are not familiar with the file locations.
Assess whether customer data was accessed
If your website collects customer information — contact forms, registrations, payment data — assess whether that data may have been accessed or extracted. This determination is important for understanding your notification obligations. If personal data of UAE residents may have been compromised, this may be relevant under applicable data protection frameworks. Consult a qualified legal professional for guidance specific to your situation.
Clean — remove the malware
Thorough removal before restoration
Run a full malware scan using your hosting provider's tools
Most cPanel hosting accounts include Imunify360 or similar malware scanning and cleaning tools. Run a full scan and use the automated cleaning function to quarantine or delete identified malicious files. Your hosting provider's support team can assist with this process.
Check for and remove backdoors
Attackers often install backdoors — hidden files that allow them to regain access even after you have changed your passwords. Common backdoor locations include the uploads directory, theme files, and plugin directories. Look for PHP files in locations where PHP should not normally exist, files with unusual names, or recently modified files that you did not modify.
Update or remove the vulnerability that was exploited
If the attack exploited an outdated plugin, theme, or core CMS version, update it immediately. If the vulnerability is in a plugin that is no longer actively maintained, remove it. Restoring a clean backup to a server that still contains the original vulnerability will result in reinfection — often within hours.
Restore — bring the site back
Clean backup restoration or fresh rebuild
Restore from a clean backup if available
If you have an automated daily backup from before the compromise, restoration is straightforward. Identify a backup from a date before the attack occurred — check your server access logs for when the first suspicious activity appeared. Restore the files and database from that backup. Verify the restored site is clean before bringing it back online.
If no clean backup is available
Without a backup, recovery requires manually cleaning every affected file — a time-intensive process that benefits from professional assistance. In some cases, a fresh installation of the CMS with your content migrated is faster and more reliable than attempting to clean a deeply compromised installation.
Verify the restored site before going live
Before bringing the site back online, run a fresh malware scan on the restored version. Check all pages for redirects or injected content. Confirm all admin accounts are legitimate. Test the site on a staging environment if possible before pointing your live domain back to it.
Report — notify the appropriate UAE authorities
Your right and responsibility under UAE law
Under Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes, unauthorised access to computer systems is a criminal offence in the UAE. Reporting your incident to the appropriate authority creates an official record, may support investigation and prosecution of the attacker, and demonstrates due diligence in the event of any regulatory enquiry.
Collect your evidence before reporting
Before filing a report, gather: screenshots of the compromised website, server access logs showing suspicious activity, malware scan reports from your hosting provider, any unusual emails or communications related to the attack, and the approximate date and time you first noticed the issue. A detailed, evidenced report is more likely to result in an effective investigation.
Report to the appropriate UAE authority
See the official reporting channels section below for the correct authority based on your emirate and the nature of the incident.
Request Google Search Console reconsideration
Once your site is clean and live, log into Google Search Console, go to Security Issues, and submit a reconsideration request. Confirm that you have resolved the issues. Google typically processes these requests within a few days and will remove the security warning from your search listing once satisfied.
Harden — prevent reinfection
Close every door the attacker used
Implement the prevention checklist
A successful attack is the most compelling reason to implement the full protection checklist. See our complete guide: How UAE Business Owners Can Protect Their Website and IT Assets in 2026.
Set up automated daily backups immediately
If you did not have backups before this incident, configure them now. Daily automated backups stored off-server are non-negotiable after a compromise. The current incident has demonstrated exactly why.
Enable a web application firewall
A web application firewall (WAF) filters malicious traffic before it reaches your server. Cloudflare offers WAF capability on free and low-cost plans. cPanel hosting supports ModSecurity at server level. Configure one of these after recovery to reduce the risk of future automated attacks.
Official UAE reporting channels
Dubai Police eCrime Portal
For businesses in Dubai. Report hacking, fraud, phishing, identity theft, and related offences. Available online and via the Dubai Police app. Log in with your Emirates ID or register as a new user. Dubai Police typically acknowledges complaints within 3-7 working days.
ecrime.ae ↗Ministry of Interior eCrime Portal
National portal for all Emirates — for incidents outside Dubai or involving multiple Emirates. Accessible via moi.gov.ae or the MoI UAE app (Google Play, App Store, AppGallery). Requires UAE Pass verification. After submission you receive a case number to track progress.
moi.gov.ae ↗TDRA — Telecommunications and Digital Government Regulatory Authority
For incidents affecting critical digital infrastructure, telecommunications services, or causing significant operational disruption. Organisations should report such incidents to TDRA in addition to police reporting.
tdra.gov.ae ↗aeCERT — UAE National Computer Emergency Response Team
Operated by TDRA. Responsible for detecting, preventing, and responding to cybersecurity incidents across the UAE. For national-level cyber incidents and coordinated response support.
aecert.ae ↗My Safe Society App
Federal Public Prosecution app for reporting online fraud, identity theft, and defamation. Available on iTunes and Google Play.
u.ae — Cyber Safety ↗Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes took effect on 2 January 2022. It establishes the primary legal framework for cybercrime in the UAE, covering unauthorised access, data theft, fraud, and related offences. Penalties include imprisonment and significant financial fines.
If your business has been targeted by a cyberattack, reporting to the appropriate authority is your right under UAE law. The reporting platforms are designed to be accessible and confidential.
Need emergency website recovery support?
House 35 Global Infotech provides emergency malware removal, website recovery, and security hardening for UAE and Gulf businesses.
- Dubai Police eCrime Portal — ecrime.ae
- Ministry of Interior — eCrime Reporting (moi.gov.ae)
- Telecommunications and Digital Government Regulatory Authority — tdra.gov.ae
- aeCERT — UAE National Computer Emergency Response Team
- UAE Government — Cyber Safety and Digital Security (u.ae)
- Google Search Console — Security Issues and Reconsideration Requests
Disclaimer: This article is for informational purposes only and does not constitute legal advice. Laws and regulations may change. For legal advice specific to your situation, consult a qualified legal professional licensed in the UAE. For the most current information on UAE cybersecurity regulations and reporting channels, refer to official government sources at u.ae.
Frequently asked questions
The first step is containment — take your website offline immediately. Then change all passwords associated with the site: hosting panel, CMS admin, FTP, and database. Enable two-factor authentication on all accounts. Do not delete anything yet — preserve the evidence. The full response process is covered in the six phases above.
Yes. Under Federal Decree-Law No. 34 of 2021, unauthorised access to computer systems is a criminal offence in the UAE. Report to the Dubai Police eCrime portal at ecrime.ae (Dubai) or the Ministry of Interior at moi.gov.ae (all Emirates). This article does not constitute legal advice — consult a qualified UAE legal professional for guidance specific to your situation.
With a clean backup, restoration can take a few hours. Without a backup, cleaning a compromised website can take one to several days. This is why automated daily backups stored off-server are critical — they are the primary recovery tool in almost every website hack scenario.
Yes. Google actively scans websites for malware and may add a security warning to your search listing. After recovery, submit a reconsideration request through Google Search Console to have the warning removed. This typically takes a few days.
Yes. House 35 Global Infotech provides emergency website recovery, malware removal, and security hardening for UAE and Gulf businesses. Contact us or WhatsApp +91 9082730445 immediately if your website has been compromised.