Help! My Website’s Been Hacked: A Survival Toolkit

You start your day with a cup of coffee, sit down at your desk and begin to read your email.  You notice it immediately: the email from your Web Hosting Provider with the big WARNING notice in the subject line.  Your heart starts to race as you think, “Did I forget to pay my bill?  Are the servers down?  Is there emergency maintenance?”  Then your heart stops at that dreaded notice: “We regret to inform you that your website has been exploited.”  How could this happen?  What am I supposed to do?  I don’t know anything about fixing a website!  Well, fear not, we are here to help!

 

Rule #1: DO NOT PANIC!

It’s understandable to immediately fall into a spiral.  After all, this is your livelihood we’re talking about here!  Whether you received an email or happened to notice that your website was hacked, the first thing you will want to do is bring the site offline.  Not only does an exploited website hurt your business, it can also harm potential clients visiting the site.

Contact your Web Hosting Provider immediately and see if they can assist in placing a maintenance page online until you are able to assess the situation.  This way your customers are not scared away by a FORBIDDEN notice when attempting to visit your site.  If your provider does not offer this service, you can find many example maintenance pages online at no cost.  Personally I like to go for something quirky and lighthearted.  This keeps customers from being concerned!

 

Rule #2: IDENTIFY THE PROBLEM

If you’re fortunate, your Web Hosting Provider will be able to identify the intrusion point, that is to say, the security hole the attacker used to break in.  Was it a vulnerable password?  Was the website software out-of-date?  Was there an exploit in one of the plugins or themes?  If they cannot identify the cause, companies such as ours can assist in the process.  In nearly all cases of a website hack, the reason is one of the following:

  1. Vulnerable password
  2. Outdated software
  3. Insecure plugin or theme
  4. Insecure file permissions
  5. Unprotected file uploads
 

RULE #3: BACKUPS BACKUPS BACKUPS!

Backups are one of the MOST important items to maintain when owning a website.  A recent backup can save you time and money if and when a website hack takes place.  If you are running a content management system such as WordPress, Joomla, Drupal, or ExpressionEngine, it is also very important to keep matching backups of the SQL database.  If the date of the database backup does not match the date of the file backup, it is unlikely the site will properly restore.

If you are not currently following this golden rule, you may still be in luck.  Most major hosting providers maintain their own system backups.  While some may come at a price to restore, the charges are still far less than having to have your website cleaned of malware.

RULE #4: DETERMINE WHEN THE HACK OCCURRED

This is where backups get tricky, and why it’s always important to maintain multiple copies.  Most website hacks take weeks if not months to identify.  You heard that correctly, MONTHS!  If the malware has been present on your website for a while, it will also be present in your backups.  The last thing you want to do is restore a dirty site!  If you are unfamiliar with navigating your website files, you may ask your Web Hosting Provider to identify the ctime (change time) on a malicious file.  If the exploit took place outside of the backup window, the files will need to be cleaned of malicious content manually.
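The ctime check and the backup choice described above can be scripted on a Unix host. This is an added example, not code from the original article; the function names, backup file names and dates are hypothetical and the sample data is constructed.

```python
import os
from datetime import datetime, timezone


def ctime_utc(path):
    """Inode change time (ctime) of a file as an aware UTC datetime."""
    return datetime.fromtimestamp(os.lstat(path).st_ctime, tz=timezone.utc)


def earliest_change(malicious_paths):
    """Earliest ctime among the files already identified as malicious."""
    return min(ctime_utc(p) for p in malicious_paths)


def changed_since(webroot, since):
    """Files under webroot whose ctime is at or after `since`, oldest first."""
    hits = []
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(folder, name)
            changed = ctime_utc(path)
            if changed >= since:
                hits.append((changed, path))
    return [path for _changed, path in sorted(hits)]


def newest_clean_backup(backups, compromise_time):
    """Newest backup taken strictly before compromise_time, or None."""
    older = [(taken, name) for name, taken in backups.items()
             if taken < compromise_time]
    return max(older)[1] if older else None


# Constructed sample data (not from a real site): backup name -> time taken.
SAMPLE_BACKUPS = {
    "site-2024-01-07.tar.gz": datetime(2024, 1, 7, 2, 0, tzinfo=timezone.utc),
    "site-2024-01-14.tar.gz": datetime(2024, 1, 14, 2, 0, tzinfo=timezone.utc),
    "site-2024-01-21.tar.gz": datetime(2024, 1, 21, 2, 0, tzinfo=timezone.utc),
}
# Constructed ctime of the earliest malicious file.
SAMPLE_COMPROMISE = datetime(2024, 1, 17, 13, 45, tzinfo=timezone.utc)

if __name__ == "__main__":
    # With the sample data, the 14 January backup is the restore candidate.
    print(newest_clean_backup(SAMPLE_BACKUPS, SAMPLE_COMPROMISE))
```

A file's ctime records its most recent change, so the intrusion may have started earlier than the value found; scan the restored copy before putting it back online. When `newest_clean_backup` returns `None`, every backup falls after the change and the manual cleanup described above applies.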

RULE #5: UPDATE EVERYTHING

Once you have chosen a method to remove the malware from the website, it’s time to secure the account.  This means that the following actions are CRITICAL!

  1. Change All Passwords – This includes website passwords, web hosting passwords, SSH passwords, etc.  Anything that accesses your website, give it a new password.  Make sure each new password is unique!
  2. Update All Software – If you are running a content management system, ensure you are using the latest release.  This includes any plugins, themes, modules, etc.  If you are unfamiliar with the steps to update, you will want to reach out to your web developer, or your friendly Locked Sealed Secured representative!
  3. Create a New Backup – Now that the site is clean and up-to-date, you will want to create a new backup as soon as possible.  It is not uncommon for recently exploited sites to be retargeted, so having a fresh backup to quickly restore is essential.
  4. Consider Website Hardening – Website hardening is the implementation of best security practices.  These can be unique to the software that is implemented on your website, so you will want to consult a professional before making any particular changes such as file permissions or ownership.
 

IN CONCLUSION

A website hack can be a stressful event, but with the right tools, it can be managed quickly and effectively.  We hope this information serves you well and if you have absolutely any questions we encourage you to reach out to us!