Earlier this year, more than 4,000 websites were hacked in a crypto-currency scam that used a website plug-in to infect them with malware. And that was just one incident! Websites are very attractive to hackers because they typically have contact pages or gather customer information in some way. Hackers can redirect that data to themselves and then spread further mischief by emailing malware to your customers. Here are some of the steps you can take if you discover your website has been hacked:
- Inform your web hosting company. Often they will know how to solve the problem better than you. They will also likely have other clients on the same server, so they will need to check those other sites as well. Seek the assistance of security experts (like Blutone Technologies) to help you restore your website and protect it in the future.
- Quarantine your affected website – take it offline until the problem is resolved. Point your website’s DNS to a static page on a different server that returns an HTTP 503 response code. This will also ensure your visitors do not encounter malicious code or spam files when they try to visit your site. Your web hosting company can take your site offline for you, but let them know you will need to toggle your site to test it.
- Check all user accounts on the site. Hackers often create a new account. Note the account names and delete them, but keep the notes in case they are needed for further investigation. Use a “clean” computer to change access passwords. Be sure the new passwords are very different from the current ones – a small change leaves them more open to future compromise.
- Verify ownership of your site, as the hacker may have verified ownership and compromised your settings. Do this by going to Google Webmaster in your browser. Carefully check all settings and note any unusual changes before correcting them. Restore the website from a clean backup, and take the site back offline to continue to work on it.
- Determine the severity of the attack. Sometimes a hacker will want to use your site to distribute “spam” content or malware, or for phishing purposes. Look for modification of existing pages, new “spam” pages, open “backdoors” for the hacker to use for re-entry, or writing functions that post on clean pages. You may need to compare the hacked website with your clean backup. Check configuration files, and look for failed login attempts, creation of user accounts, command history, etc. Update the website with the latest content management system version and security updates.
- Identify your vulnerabilities. Possible suspects include weak or re-used passwords, an infected computer used by an admin, permissive coding, or out-of-date software. Install security plugins and harden the website to prevent further security compromises.
- Remove new URLs created by the hacker. Be sure the backup website was created prior to the hack. Put your website back online and re-scan it to make sure there are no more security issues. Change the passwords again. Clean and maintain your site and server – be sure you have done a clean installation, not an upgrade, which could leave files from a previous version.
- Request a review by Google to unflag your site or page. For phishing hacks, go to google.com/safebrowsing/report_error/. For spam or malware, go to your Search Console and find the Security Issues report. Click to request a review, and provide the information Google requires to know the site has been cleaned. Phishing reviews typically take a couple of days; malware reviews, 3-4 days; and spam hacking reviews may take several weeks.
As you can imagine, avoiding a website hack is much preferred to taking all these steps after the fact! It is imperative to keep up and maintain your site. You do not want to fall into the same traps and be hacked again. With Blutone Technologies, you can rest assured that your site and all your devices are secure, and that clean backups are always available. Get in touch today and get peace of mind knowing you have kept your individual information and business data secure from hackers.