Is your business website being used by attackers to distribute malware and stage cyber-attacks or data breaches? Reported figures put the number of websites found distributing malware at around 30,000 per day on average. Most of these sites are not run by criminals: they are legitimate sites that were hacked through unpatched vulnerabilities and then repurposed to serve malware.

To avoid becoming part of that distribution chain, every business owner needs a managed, intelligent and comprehensive web application security solution in place. If your website is hacked anyway, it is equally important to know which steps to take. This article walks through them.

Signs that Your Website is Hacked

  • The homepage or other content has been modified or defaced.
  • Web traffic is redirected to sketchy pharmaceutical, banned, illegal or adult websites.
  • You are locked out of your website: your login credentials no longer work or your account no longer exists.
  • The site displays ads for counterfeit or illegal products, which may in turn be infecting your users' computers.
  • A sudden, unexplained drop in speed and performance (injected scripts and spam pages consume server resources).
  • Google Safe Browsing, Norton or another website reputation engine has flagged or blacklisted your website.
  • Google Search Console or Analytics shows your site receiving traffic for random, unrelated keywords, a typical sign of injected SEO spam.

Is Your Website Hacked? Here Are the Steps to Fix and Secure It

1. Identifying the Attack and Determining Causes

1.1. A Thorough Website Security Check

Use an intelligent, remote scanning tool such as Indusface Web Scanner to perform a thorough website security check: look for warning messages, malicious payloads, the location of any malware, blacklist warnings and other security issues. The scan must cover everything: databases, third-party components, website files and folders, software, plugins, legacy parts, server configuration, access control and the CMS itself. If the scanner finds nothing, review scripts, iframes and links by hand for anything suspicious; a clean automated scan is not proof of a clean site. Also, if your website shares a server with other sites, check for cross-site contamination: an attacker who compromised a neighbouring site may have written into your files, and vice versa.

Check for recent file modifications

Examine your files, core CMS files included, for modifications in the last 7 to 30 days that are suspicious or unfamiliar. Where possible, compare file contents against a clean copy of the same CMS or plugin version rather than relying on timestamps alone, since an attacker can backdate a file's modification time.
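The two checks above, as an added example (not Indusface's tooling): a short Python script that lists files changed in the last 30 days and, more reliably, compares every file's SHA-256 against a baseline manifest taken from a clean install. The site layout, the baseline and the simulated hack are constructed for the demonstration.

```python
"""Added example (not Indusface code): triage files on a suspected-hacked site.

Two checks: files modified inside a recent window, and files that differ from
a known-good baseline (SHA-256 manifest taken from a clean install or a
trusted backup). The site layout below is a constructed fixture; the 'hack'
it simulates is an injected iframe plus a dropped PHP file.
"""
import hashlib
import os
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional, Tuple

DAY = 86400


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file under root.
    Take this from a clean install and store it OFF the web server."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def recently_modified(root: Path, days: int, now: Optional[float] = None) -> List[str]:
    """Files whose mtime is within the last `days` days. Caveat: attackers can
    reset mtimes with touch, so treat an empty result as inconclusive."""
    cutoff = (time.time() if now is None else now) - days * DAY
    return sorted(p.relative_to(root).as_posix()
                  for p in root.rglob("*")
                  if p.is_file() and p.stat().st_mtime >= cutoff)


def diff_against_baseline(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Content-based check that does not depend on timestamps at all."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def make_demo_site() -> Tuple[Path, Dict[str, str]]:
    """Constructed fixture: a clean site aged 120 days, its baseline, then a simulated hack."""
    root = Path(tempfile.mkdtemp(prefix="site-"))
    old = time.time() - 120 * DAY
    clean = {
        "index.php": "<?php echo 'hello'; ?>\n",
        "wp-config.php": "<?php define('DB_NAME', 'shop'); ?>\n",
        "wp-content/themes/shop/footer.php": "<footer></footer>\n",
    }
    for rel, body in clean.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
        os.utime(p, (old, old))          # backdate so only the 'hack' looks recent
    baseline = build_manifest(root)
    # Simulated compromise: iframe injected into the theme, backdoor dropped in uploads.
    (root / "wp-content/themes/shop/footer.php").write_text(
        "<footer></footer><iframe src='//example.invalid/x' width='0'></iframe>\n")
    dropped = root / "wp-content/uploads/cache.php"
    dropped.parent.mkdir(parents=True, exist_ok=True)
    dropped.write_text("<?php eval($_POST['c']); ?>\n")
    return root, baseline


if __name__ == "__main__":
    site, manifest = make_demo_site()
    print("modified in last 30 days:", recently_modified(site, 30))
    print("diff vs baseline:", diff_against_baseline(site, manifest))
```

The mtime listing is the quick first pass; the manifest diff is the one to trust, because it catches a backdated file as well as files the attacker added or deleted. Keep the manifest somewhere the web server cannot write to, or an attacker who gets shell access can simply regenerate it.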

Assess security status using diagnostic tools

If Google, other browsers or web application security authorities have quarantined, flagged or blacklisted your website, use their diagnostic tools (Google Search Console, Bing Webmaster Tools, etc.) to find out why and to evaluate your security status.

Note: If you run an e-commerce website, you must comply with PCI DSS Requirement 12.10, which requires an incident response plan; follow that plan from the start of the incident.

2. Cleaning the Hacked Website

Having obtained the insights on where malware is located on your hacked website, you need to clean up, remove malware, and restore normal operation.

A word of caution: Cleaning a hacked website involves some complicated and technical steps. If you are unsure, it is best to enlist professional help to get your website cleaned and fixed after a hacking incident.

Stop malicious processes

If malicious processes are still running (a script that re-creates its files, a cron job that re-downloads the payload), the clean-up will be wasted and the malware will be back on your website in minutes. Check running processes and scheduled tasks (cron and the CMS's own scheduler) and stop anything you did not put there before you touch the files.

Remove hacked website files

Using the insights from step 1, replace modified and suspicious files, malicious payloads, etc. with fresh copies from the vendor or with backed-up copies (only if the backup predates the hack and is not itself infected). Also go through all files on your website manually and remove any that you did not put there or that look suspicious. Take extreme care when cleaning by hand: removing a legitimate file can break the site, so take a full copy of the compromised site first and keep everything you delete for later analysis.

Clean and restore hacked databases

Using the insights from step 1, clean injected content (spam links, scripts, redirects) out of database tables, or restore the database from a backup taken before the compromise.

Remove hidden backdoors

Hackers always make sure they have a way back into your website and will plant several backdoors. They typically encode or obfuscate them (for example, a payload hidden behind eval(base64_decode(...))) so that simple searches do not detect them. It is critical that you find and close every backdoor, or the site will be reinfected.
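An added example, not from Indusface, of how encoded backdoors are found and unwrapped: the scanner flags wrapper functions such as eval, base64_decode and gzinflate, then decodes the embedded payload so you can see what it would execute. The signature list, the file names and the sample shell are all constructed for the demonstration.

```python
"""Added example (not Indusface code): find and unwrap encoded PHP backdoors.

Web shells are usually hidden behind eval(base64_decode(...)) or
eval(gzinflate(base64_decode(...))) so that grepping for the shell's body
finds nothing. This scanner flags the wrapper functions themselves, then
peels the encoding layers to show what would actually execute.
Signatures and the sample files are constructed for the demonstration.
"""
import base64
import re
import tempfile
import zlib
from pathlib import Path
from typing import Dict, List

SIGNATURES = {
    "eval": re.compile(r"\beval\s*\("),
    "decoder": re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "dynamic_code": re.compile(r"\b(create_function|assert)\s*\("),
    "preg_replace_e": re.compile(r"""preg_replace\s*\(\s*['"][^'"]*/[a-zA-Z]*e['"]"""),
    "input_to_shell": re.compile(
        r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)"),
    "input_to_eval": re.compile(r"\b(eval|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)"),
}
B64_ARG = re.compile(r"""base64_decode\s*\(\s*['"]([A-Za-z0-9+/=\s]{16,})['"]""")
SCRIPT_SUFFIXES = {".php", ".phtml", ".php5", ".inc"}


def indicators(text: str) -> List[str]:
    """Names of the signatures that fire on one file's content (triage, not proof)."""
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def peel_layers(text: str, max_layers: int = 5) -> List[str]:
    """Decode nested base64_decode(...) wrappers, inflating when gzinflate() wraps
    the call. Returns each decoded layer, innermost last."""
    layers: List[str] = []
    current = text
    for _ in range(max_layers):
        m = B64_ARG.search(current)
        if not m:
            break
        try:
            decoded = base64.b64decode(re.sub(r"\s", "", m.group(1)), validate=True)
        except ValueError:
            break
        # PHP's gzinflate() is raw DEFLATE, which zlib reads with wbits=-15.
        if "gzinflate" in current[max(0, m.start() - 40):m.start()]:
            try:
                decoded = zlib.decompress(decoded, -15)
            except zlib.error:
                break
        current = decoded.decode("utf-8", errors="replace")
        layers.append(current)
    return layers


def scan_tree(root: Path) -> Dict[str, dict]:
    """Relative path -> indicators and decoded layers, for every flagged script."""
    report: Dict[str, dict] = {}
    for p in sorted(root.rglob("*")):
        if not (p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES):
            continue
        text = p.read_text(errors="replace")
        hits = indicators(text)
        if hits:
            report[p.relative_to(root).as_posix()] = {
                "indicators": hits, "decoded": peel_layers(text)}
    return report


def make_demo_files() -> Path:
    """Constructed fixture: one clean file and two wrapped copies of a tiny shell."""
    root = Path(tempfile.mkdtemp(prefix="scan-"))
    shell = "<?php if (isset($_POST['c'])) { eval($_POST['c']); } ?>"
    (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
    (root / "wp-includes").mkdir()
    b64 = base64.b64encode(shell.encode()).decode()
    (root / "wp-includes/class-cache.php").write_text(
        "<?php eval(base64_decode('%s')); ?>\n" % b64)
    co = zlib.compressobj(wbits=-15)                  # raw DEFLATE, like PHP gzdeflate()
    deflated = co.compress(shell.encode()) + co.flush()
    (root / "wp-includes/functions-x.php").write_text(
        "<?php eval(gzinflate(base64_decode('%s'))); ?>\n" % base64.b64encode(deflated).decode())
    return root


if __name__ == "__main__":
    for path, info in scan_tree(make_demo_files()).items():
        print(path, info["indicators"])
        for layer in info["decoded"]:
            print("   decodes to:", layer)
```

Expect false positives: some legitimate plugins use base64_decode and even eval. The decoded layers are what make the call; a payload that reads a superglobal straight into eval or system is a backdoor whatever the file is named. Run the scan again after the clean-up, since backdoors are often planted in several places.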

Secure user accounts

If there are suspicious or unfamiliar user accounts, especially ones with administrator rights, remove them. Also check that the remaining accounts have not had their email addresses or roles changed, which is a quiet way of keeping access.

Remove malware warning

Request a review from the hosting company, Google or whichever web security authority blocked or flagged your website, so that they can confirm the security issues have been fixed and lift the warning.

3. Securing the Website from Hackers

Cleaning and restoring files and databases from backup is not the end of fixing a hacked website; the most crucial third step is to ensure that it is not hacked again.

Update and reset configuration settings and permissions

  • Update all software (CMS, themes, plugins, etc.) so that no critical security patches are missed.
  • Keep administrator accounts to a minimum (ideally one) and assign least privilege to every other user role.
  • Change every password: CMS admin, database, FTP/SFTP, SSH and the hosting control panel.
  • Reinstall all plugins and extensions from the vendor so that no residual malware remains.
  • Remove deactivated plugins from your server; disabled code is still reachable on disk.
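An added example (not Indusface code) of the permissions part of this step: audit a web root for world-writable paths, scripts in the upload directory and a readable config file, then reset modes to 755 for directories, 644 for files and 600 for the config file. The WordPress-style paths and the fixture are assumptions made for the demonstration.

```python
"""Added example (not Indusface code): audit and reset file permissions on a
web root. Flags world-writable paths, scripts sitting in an upload directory,
and a readable config file, then applies 755/644 (600 for secrets).
The directory names are assumptions for a WordPress-style layout; the
fixture is constructed for the demonstration.
"""
import stat
import tempfile
from pathlib import Path
from typing import Dict, List

UPLOAD_DIRS = ("wp-content/uploads",)           # assumed layout; adjust per CMS
SCRIPT_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}
SECRET_FILES = {"wp-config.php"}                # files that hold credentials


def audit(root: Path) -> Dict[str, List[str]]:
    """Three findings a post-hack review should always produce."""
    findings: Dict[str, List[str]] = {
        "world_writable": [], "script_in_uploads": [], "secret_readable": []}
    for p in root.rglob("*"):
        rel = p.relative_to(root).as_posix()
        mode = p.lstat().st_mode
        if mode & stat.S_IWOTH:
            findings["world_writable"].append(rel)
        if p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES \
                and any(rel.startswith(u + "/") for u in UPLOAD_DIRS):
            findings["script_in_uploads"].append(rel)
        if p.is_file() and p.name in SECRET_FILES and mode & (stat.S_IRGRP | stat.S_IROTH):
            findings["secret_readable"].append(rel)
    return {k: sorted(v) for k, v in findings.items()}


def harden(root: Path) -> List[str]:
    """Set directories 755, files 644, secrets 600. Returns paths whose mode changed.
    Deliberately changes modes only: a script found in uploads still needs a human."""
    changed = []
    for p in root.rglob("*"):
        if p.is_symlink():
            continue                                   # never chmod through a symlink
        want = 0o600 if p.name in SECRET_FILES else (0o755 if p.is_dir() else 0o644)
        if stat.S_IMODE(p.stat().st_mode) != want:
            p.chmod(want)
            changed.append(p.relative_to(root).as_posix())
    return sorted(changed)


def make_demo_root() -> Path:
    """Constructed fixture with the usual post-hack permission mess."""
    root = Path(tempfile.mkdtemp(prefix="perm-"))
    layout = {                                   # path: (content, mode)
        "index.php": ("<?php echo 'hi'; ?>", 0o644),
        "wp-config.php": ("<?php define('DB_PASSWORD', 'x'); ?>", 0o644),
        "wp-content/uploads/photo.jpg": ("not a real image", 0o644),
        "wp-content/uploads/shell.php": ("<?php eval($_POST['c']); ?>", 0o666),
    }
    for rel, (body, mode) in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
        p.chmod(mode)
    (root / "wp-content").chmod(0o755)
    (root / "wp-content/uploads").chmod(0o777)   # the classic "make uploads work" mistake
    return root


if __name__ == "__main__":
    site = make_demo_root()
    print("before:", audit(site))
    print("changed:", harden(site))
    print("after:", audit(site))
```

Note what harden() does not do: the shell in the upload directory is still reported afterwards, because tightening permissions never removes a dropped file. On a real server, also configure the web server not to execute scripts from upload directories at all; correct modes limit what an attacker can write, not what the server will run.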

Create a robust backup strategy and set backups

Good backup strategy = good security posture. Regular, secure backups are critical for quick and safe recovery from a hacking incident. Keep them off the web server, keep enough history to reach a copy that predates the compromise, and test a restore before you need one.

Scan all systems for malware

Residual malware on your own computers (a credential stealer, for example) can readily re-infect your website. Scan every computer that is used to administer the site comprehensively for malware.

Strengthen your Web Application Security measures

If you do not already have a comprehensive, managed security solution such as AppTrana, put one in place to strengthen the security of the web application. It should include:

  • An intelligent, automated scanner for regular and on-demand scanning.
  • A comprehensive, customizable and intuitive Web Application Firewall that blocks malicious requests before they reach your website.
  • Access to certified security professionals.

Conclusion

Reputation engines such as Google can cause serious damage to your company by flagging your website as "malicious". Recovering from a hack is effort-intensive and expensive. To avoid that, be proactive about web application security regardless of the size and nature of your business: hackers find and exploit vulnerabilities in websites, so the risk has to be evaluated continuously and mitigated in a timely manner.