Your site has been hаcked - what to do?

Started by arthyk, Nov 07, 2022, 02:17 PM

Previous topic - Next topic

arthykTopic starter

Your first steps after discovering a hаck:

It is highly recommended to close the site for outside visits by posting a "Site is under maintenance" stub page.
Then you need to contact a person who has experience in finding and fixing vulnerabilities on websites. If you don't, then attackers can continue their malicious activity and not only steal additional data, but also "engage" in your clients.

If you do not hurry up in this matter, attackers can hide the traces of their malicious actions, as well as interfere with the "cleanup" work by introducing more and more new worms (scripts, links, etc.)

Do not rush to delete extraneous files yourself, because:

1. These may be necessary files that you may not know about.

2. These files may contain information necessary for finding vulnerabilities.

3. There may be information necessary to determine the ways of hаcking.

Do not try to restore the site from a backup, because: firstly, you will erase the traces of hаcking, and secondly, your new backup will contain malicious code in the archive.

Be sure to save all access and server error logs. The information in them can be very useful for finding vulnerabilities. 8)
    The following users thanked this post: Sevad

Aditi Barman

If it so happens that your website has been hаcked, then first of all our advice is to immediately seek help from specialists. You can read about how to determine if your site has been hаcked in our article.

Your main task after hаcking the site is to ensure the security of information storage, as well as to ensure the safety of users of your site. Remember that with a successful hаcker attack, you not only get malicious code to your site, but you can also lose the user database with all contact information and passwords. Thus, attackers can place a huge amount of spam on your resource and get hold of passwords to social networks and mailboxes of your clients.

You also need to analyze the hаcking of your site to find out about the vulnerability you have in the code and close it as soon as possible.
Also, do not forget that very often hаckers, having gained access to your resource, prefer to leave paths for subsequent hаcking of your resource. Only a highly qualified specialist can identify such ways.

And so, further step-by-step instructions on how you should act in case of hаcking of your site:

1. Check your home computer for viruses. It is not necessary to run to the store and buy a paid antivirus, we recommend that you use Antivira or Comodo.

2. Install FireWall on your local computer. Using a firewall greatly reduces the risk of malware infiltrating your computer. We also recommend using Comodo free and one of the best firewalls, or Zone Alarm, also a good but paid alternative.

3. Contact your hosting provider. hаcking could affect not only your site, especially if you do not rent your own server, but use regular hosting. Inform the administrators and ask them to analyze the hаcking.

4. Change all passwords, starting from mailbox passwords and ending with FTP passwords.

5. Warn your users that the site has been hаcked and recommend them to change passwords to your web site.

6. Urgently make a backup of all the files that are located on your server.

7. Check the file .htaccess for the presence of the code. A hаcker can use this file to redirect visitors from your resource to a site with malicious code installed.

8. Be prepared to have to delete all files from your server. The installed code can be hidden so well that you will have to delete all files and database from your server. However, in order to restore the site, you will need a backup that should have been done earlier, so be sure to read our article about the importance of backing up server files

9. Make an update to the newest version of your CMS.

Summing up, it is worth noting that hаcking is easier to prevent than then restoring the site from scratch.
The security of your website is a big responsibility that only professionals can shoulder. You should not trust the site in the first hands, but, you should not neglect security either.