Website hacked? Emergency support for your shop
Hack cleanup, downtime recovery and data rescue with documented procedures: we handle triage, containment and restoration before the damage grows. The initial assessment is free, cleanup is done at a binding fixed price.
45 min
first response on the Enterprise SLA — including weekends
4 h
average recovery time (project experience)
from €390
hack cleanup at a fixed price after a free initial assessment
0
permanent data losses in past deployments (project experience)
Emergencies in e-commerce are not a theoretical possibility, they happen: shops get compromised, servers fail, databases become corrupt and botched updates bring entire systems down. In these situations, every minute counts — every hour of downtime means lost revenue, frustrated customers and potential loss of trust. Our emergency support is designed for exactly these scenarios: clear processes, experienced technicians and tested recovery procedures restore your shop to a working state as quickly as possible. You do not need an existing contract: the initial assessment is free, and we handle hack cleanups at a fixed price from €390 for websites and from €990 for small shops.
In an emergency, every minute counts — call us directly
+49 5123 9579000Reachable Mon–Fri 9 am–5 pm. Maintenance clients per SLA beyond that — on the Enterprise SLA including weekends and public holidays.
Or report the emergency online- First response (Enterprise)
- 45 min
- Recovery
- avg. 4 h
- Fixed-price cleanup
- from €390
Emergency Control Center: One Deployment from Alert to Relaunch
Emergency Scenarios We Cover
Compromised Shop
Malware cleanup, identification and closure of the security gap, restoration of data integrity and implementation of protective measures against recompromise — at a fixed price from €390.
Server Outage
Diagnosis of the outage cause, restoration of server function or migration to replacement infrastructure. Coordination with the hosting provider for hardware defects.
Data Loss and Database Errors
Restoration from backups, repair of corrupt database tables and reconstruction of lost records. Minimization of data loss through incremental backup strategies.
Failed Updates
Rollback to the previous state, analysis of the error cause and planned repetition of the update after resolving compatibility issues.
Ransomware and Extortion
Isolation of the affected system, forensic analysis of the attack vector, restoration from clean backups and hardening against renewed attacks. No negotiation with extortionists.
DNS and SSL Issues
Resolution of DNS misconfigurations, expired SSL certificates, faulty redirects and domain problems that make the shop unreachable.
Our Emergency Process: From Alert to Recovery
Initial Report and Triage
You report the emergency by phone or email. Our team assesses the severity and immediately initiates the appropriate escalation level. For critical outages, work begins within the SLA-agreed response time — from 45 minutes on the Enterprise SLA.
Hack Cleanup and Data Rescue: Methodical Instead of Hectic
More than deleting suspicious files
Cleaning up a hacked shop requires more than deleting conspicuous files. Attackers frequently leave backdoors that grant them continued access even after a superficial cleanup. Our process includes complete analysis of all system files, checking the database for injected code, closing the original security gap and validating all user accounts. We then harden the system against renewed attacks.
- Complete file and database analysis instead of surface cosmetics
- Backdoor hunt and validation of all user accounts
- Closing the entry points including hardening and WAF rules
Data rescue with a verified relaunch
When backups are missing or damaged, recovery does not end. We reconstruct data from database binary logs, server snapshots and file system remanence, and correlate multiple backup states to reduce data loss to the minimum. Every recovery run ends with a reconciliation of order and customer data and a complete checkout test run — only then does the system go back into live operation.
- Reconstruction of individual transactions after the last backup
- Reconciliation of order and customer data before release
- No permanent data losses in past deployments (project experience)
Hardening after cleanup
Shop hacked or offline?
Do not wait for the damage to grow — we start triage and containment right away, and the initial assessment is free. Reachable by phone Mon–Fri 9 am–5 pm, maintenance clients per SLA beyond that.
Emergency Pricing: Fixed Price Instead of an Open Bill
Cost transparency is part of crisis support for us. For clients with an existing maintenance contract, emergency deployments within the SLA agreement are included in the monthly flat rate — covering first response, diagnosis, recovery and post-incident analysis. Everyone else receives a binding fixed price before cleanup begins, based on a free initial assessment. Only for exceptionally extensive incidents, such as a complete system reconstruction after a ransomware attack, can additional costs arise, which we communicate in advance.
Emergency Deployments at a Predictable Price
A binding fixed price after a free initial assessment — no open-ended hourly estimate in your worst moment.
Hack Cleanup Website
For hacked business websites and CMS installations
- Malware removal and backdoor hunt
- Closing the original security gap
- Password reset, hardening and WAF rules
- Post-incident report included
- Follow-up checks over 8 weeks
Hack Cleanup Shop
For online shops with customer and payment data — small shops from €990
- Forensic analysis of the attack vector
- Support with GDPR notification duties
- Relaunch under time pressure with test runs
- Hardening, WAF and access review
- Post-incident report included
Immediate Help Without Contract
Shop down, plugin conflict or critical error — no maintenance contract required
- Billing in 15-minute increments
- Start right after commissioning
- No basic fee, no minimum term
- Detailed breakdown of all work performed
- Switch to an SLA plan possible at any time
All prices net of VAT. For clients with a maintenance contract, emergency support is included in the SLA (from €199 per month) — with agreed response times down to 45 minutes.
For new clients without an existing contract: in the acute situation, we focus first on recovery and clarify commercial details in parallel — we do not leave anyone with a hacked or failed shop just because contract details are still open. After the deployment, you receive a detailed breakdown of all work performed. Many new clients subsequently opt for an ongoing SLA maintenance contract from €199 per month because they have experienced the value of proactive support firsthand.
Disaster Recovery: Preparing for the Worst
Emergency support that is only built in the moment of crisis is too slow. That is why we create an individual disaster recovery plan for all shops under a managed service contract. This plan defines recovery procedures for various outage scenarios, establishes Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) and documents all necessary access credentials, contacts and decision authorities.
The disaster recovery plan is regularly tested and updated. With every change to the infrastructure or deployed systems, we update the plan. Because a recovery plan that does not reflect the current state of the system is useless in an emergency. Regular recovery tests ensure that the documented procedures actually work and that the defined timeframes can be met.
Prevention: Avoiding Emergencies Before They Occur
The best emergency support is the kind that is not needed. That is why we integrate preventive measures into our managed service contract that significantly reduce the likelihood of emergencies: regular security updates, 24/7 monitoring with early warning systems, tested backup strategies and proactive capacity planning. Shops under our ongoing care experience significantly fewer unplanned outages than shops without professional maintenance (project experience). Our emergency support is designed to reduce your shop's downtime to the absolute minimum and restore normal operations as quickly as possible.
DDoS Attacks and High-Load Scenarios
Distributed Denial of Service (DDoS) attacks aim to overwhelm your shop with massive numbers of requests and thereby make it unreachable. During a DDoS attack, we work closely with your hosting provider to identify and filter attack traffic. Countermeasures include activating rate limiting, configuring GeoIP filtering, routing traffic through a DDoS protection service and temporarily adjusting server configuration to defend against the attack patterns.
Beyond targeted DDoS attacks, organic load peaks can also crash a shop, for example when marketing success or a viral recommendation generates unexpectedly high traffic. In these cases, we help scale the infrastructure at short notice: temporary capacity expansion, activation of additional caching layers and optimization of server configuration for high-load operation. Our goal is to keep the shop reachable even under extreme load conditions and convert the traffic surge into revenue rather than downtime.
Data Recovery and Forensic Analysis
In data loss scenarios, a simple backup restore is not always sufficient. Corrupt databases, partially overwritten files or encrypted systems require forensic methods to reconstruct the maximum possible data.
Binary log reconstruction
Examining database binary logs to reconstruct individual transactions after the last backup.
Snapshots and remanence
Analyzing server snapshots and file system remanence to recover deleted or overwritten data.
Backup correlation
Correlating different backup states to reduce data loss to the absolute minimum.
Findings documentation
Documenting all findings for internal follow-up, the post-incident report and potential legal proceedings.
Communication During a Crisis
In an emergency situation, clear communication is just as important as technical competence. You need to know at all times what is happening, what measures are being taken and when normal operations are expected to be restored. Our communication protocol provides regular status updates: at least every 30 minutes for critical incidents, with every significant status change and after completion of each measure. You learn immediately when the cause is identified, which resolution path is being taken and what impact on ongoing operations is expected.
Beyond this, we designate a dedicated contact person on our side at the beginning of every emergency deployment who is your primary contact for the duration of the engagement. This contact person coordinates all internal measures and ensures that you receive all relevant information through a single channel. For incidents that involve external parties, such as when coordination with the hosting provider is required, we handle this communication and keep you informed of progress.
Typical Scenarios and Our Solution Approaches
In over 50+ emergency deployments (project experience), we have handled a broad spectrum of scenarios and developed standardized solution approaches. The most common scenarios include: websites redirecting to phishing pages through malicious code injection, admin areas becoming inaccessible after a failed update, databases becoming corrupt through faulty plugins, and servers going down due to DDoS attacks or resource overload.
For each of these scenarios, we have documented recovery procedures that enable rapid and coordinated response. In an emergency, our technicians do not have to improvise but can rely on proven workflows. This significantly reduces recovery time and minimizes the risk of follow-up errors under time pressure. At the same time, every emergency is individual, and our experience enables us to quickly make the right diagnosis and choose the most efficient resolution path.
Post-Incident Analysis and Sustainable Protection
An emergency deployment does not end with the restoration of normal operations. Post-incident analysis is an integral part of our process. We document the entire incident, identify the root cause and derive concrete measures to prevent recurrence. For security incidents, this typically includes closing the exploited vulnerability, hardening the system configuration, reviewing all credentials and if necessary introducing additional protective measures such as two-factor authentication or web application firewall rules.
The results of the post-incident analysis feed into ongoing maintenance. If an attack exploited a vulnerability that could also exist in other systems we manage, we proactively check all affected installations. This way, all clients benefit from the findings of individual incidents. This continuous learning loop is one of the reasons why managed systems become increasingly resilient over time.
Checklist for Shop Operators in an Emergency
When an emergency occurs, every minute counts. These immediate measures can be taken by you as a shop operator before our team begins work:
- If a hack is suspected, immediately change all admin passwords if backend access is still possible.
- Document the observed behavior: Since when has the problem occurred? What error messages appear?
- Note recent changes: updates, new plugins, configuration changes.
- Do not attempt repairs or deletions on your own if you are unsure what you are doing.
- Contact our team immediately: +49 5123 9579000 or mail@shop-wartung.de.
Caution with self-repair attempts
Prevention Through Regular Emergency Drills
For Enterprise SLA clients, we offer regular emergency drills in which we simulate an outage scenario and run through recovery procedures under realistic conditions. These drills test not only the technical procedures but also the communication channels, escalation paths and decision processes. Results are documented and feed into improving the disaster recovery plans. Companies that regularly conduct emergency drills handle real incidents faster and with less damage in our experience (project experience), because everyone involved knows what to do.
Key takeaways
- First response from 45 minutes on the Enterprise SLA — including weekends and public holidays.
- Hack cleanup at a fixed price: website from €390, shop from €990 (typically €1,490), each after a free initial assessment.
- Immediate help without a contract for €95 per hour, billed in 15-minute increments.
- No permanent data losses in past deployments (project experience) — thanks to tested backups and forensic data rescue.
- Post-incident report always included: root cause, timeline and measures against recurrence.