Is your company website allowing hackers to spread data breaches and cyber attacks through malware and orchestration? Data indicates that malware is found on an average of 30,000 websites every day. Most of these websites are compromised by exploiting known vulnerabilities, and are then used for malware distribution.
To avoid becoming part of the malware distribution chain, every business owner should have a managed, knowledgeable and robust web application protection solution in place. However, knowing what action to take should your website be hacked is equally critical. This article gives you a detailed understanding of exactly that.
Signs that the website has been hacked
- The website or its content is altered or vandalised.
- Web traffic is redirected to a pharmaceutical, prohibited, illegal, adult or otherwise sketchy website.
- You are locked out of your website, your login credentials no longer work, or your account is unavailable.
- The website contains advertising for counterfeit or illegal goods. This could further affect the machines of your website's users.
- A sudden drop in speed and performance, for no obvious reason.
- Google, Norton or any other credible search engine or reputation service has flagged or blacklisted the website.
- Google Analytics shows your site being found for random or unrelated keywords.
Was Your Website Compromised? The measures to repair and protect it are here
Identifying the Causes of the Attack
A detailed security review of the website
Use a smart, remote scanning tool such as Indusface Web Scanner to conduct a comprehensive website security check: it uncovers warning messages, malicious payloads, malware locations (if any), blacklist alerts and other security issues on your website. Scanning must cover all databases, third-party components, files and directories on the website, applications, plugins, legacy parts, server settings, access control, the CMS, etc. If the scanning tool finds no malware, perform manual checks of scripts, iFrames and links for suspicious behaviour. Also check whether your website is hosted on the same server as several others, which opens the door to cross-site contamination.
Check for recent changes to the files
Examine your files, including the core data, to discover recent (7-30 days) unusual or unexpected changes.
Assess your state of protection using diagnostic tools
If Google, other web browsers or web application security authorities have quarantined, flagged or blacklisted your website, use their testing tools (Google Search Console, Bing Webmaster Tools, etc.) to understand why and determine your security status.
Note: If you are a website for e-commerce, you must meet the specifications of PCI-DSS Requirement 12.10, and execute your incident plan accordingly.
Cleaning up the compromised account
Once you have gained information on where the malware is located on your hacked website, you need to clean up, remove the malware and restore normal operation.
A word of caution: There are some difficult and complex measures involved in cleaning up a hacked website. If you are unsure, the safest way to get your website cleaned and patched after a hacking incident is to seek professional assistance.
Stop malicious processes
If malicious processes are still running, the clean-up will be undone and the malware will once again wreak havoc on your website.
Delete files from the hacked website
Using the insights from Phase 1, replace changed and suspicious files, malicious payloads, etc. with fresh copies or with backed-up ones (provided the backup was not itself compromised in the hacking incident). You can go through all the files on your website manually and delete everything that you did not put there or that looks suspicious. Exercise extreme caution in manual cleaning, as mistakes can further erode your website's protection.
Clean and restore hacked databases using the Phase 1 insights
Remove hidden backdoors
Hackers always make sure they have a way back into your website and plant many backdoors. They often use encoding to make sure such backdoors are not found. To avoid reinfection of your website, it is important that you close all the backdoors.
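The two steps above, checking for recent file changes against a known-good copy and hunting for encoded backdoors, can be combined into one small integrity check. The script below is an added example written for this article; it is not Indusface's scanner or any project's own code. The web-root layout (a `wp-content/uploads` directory), the indicator pattern, the 30-day window and the sample files are constructed for illustration.

```python
"""
Added example: file-integrity check with backdoor indicators for a web root.
Builds a SHA-256 baseline, reports files added or modified since the baseline
or within a recent window, and flags files with an obfuscated-PHP indicator.
Layout, patterns and sample files are constructed assumptions.
"""
import hashlib
import os
import re
import tempfile
import time

# Indicator: a decoding chain fed straight into eval(). A match is a lead for
# manual review, not proof of compromise.
SUSPICIOUS_PATTERNS = {
    "eval-of-decoded-payload": re.compile(
        rb"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
}
# Directories that should hold static uploads only; a script file there is a classic sign.
UPLOAD_DIRS = ("wp-content/uploads",)
SCRIPT_EXTENSIONS = (".php", ".phtml", ".php5")


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _walk(root):
    """Yield (relative path with '/' separators, absolute path) for every regular file."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def build_baseline(root):
    """Relative path -> SHA-256 for every file under root (take this from a known-good copy)."""
    return {rel: sha256_file(full) for rel, full in _walk(root)}


def compare_to_baseline(root, baseline):
    """Return (added, modified, removed) relative paths versus the baseline."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return added, modified, removed


def recently_modified(root, days=30, now=None):
    """Relative paths whose mtime falls within the last `days` days."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    return sorted(rel for rel, full in _walk(root) if os.stat(full).st_mtime >= cutoff)


def scan_for_indicators(root, rel_paths):
    """Map each flagged path to the list of indicator names it triggered."""
    findings = {}
    for rel in rel_paths:
        reasons = []
        if rel.startswith(UPLOAD_DIRS) and rel.lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("script-in-upload-dir")
        with open(os.path.join(root, rel), "rb") as fh:
            data = fh.read()
        reasons += [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(data)]
        if reasons:
            findings[rel] = reasons
    return findings


def _write(root, rel, data, mtime=None):
    """Write a constructed sample file, optionally back-dating its mtime."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)
    if mtime is not None:
        os.utime(full, (mtime, mtime))


def demo():
    """Constructed web root: baseline a clean tree, then check it after a simulated incident."""
    root = tempfile.mkdtemp(prefix="webroot-")
    old = time.time() - 90 * 86400  # clean files untouched for 90 days
    _write(root, "index.php", b"<?php require 'wp-blog-header.php'; ?>\n", old)
    _write(root, "wp-content/uploads/logo.png", b"\x89PNG constructed image bytes", old)
    baseline = build_baseline(root)

    # Simulated post-incident state: index.php is altered to eval() an encoded
    # blob (placeholder text, not a payload) and a script appears among uploads.
    _write(root, "index.php",
           b"<?php eval(gzinflate(base64_decode('PLACEHOLDER'))); require 'wp-blog-header.php'; ?>\n")
    _write(root, "wp-content/uploads/cache.php",
           b"<?php /* constructed placeholder, not a payload */ echo 1; ?>\n")

    added, modified, removed = compare_to_baseline(root, baseline)
    recent = recently_modified(root, days=30)
    findings = scan_for_indicators(root, sorted(set(added) | set(modified)))
    return {"added": added, "modified": modified, "removed": removed,
            "recent": recent, "findings": findings}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In practice the baseline comes from a trusted source (the vendor's release archive or a backup taken before the incident), never from the live tree you are investigating, and every file the check flags is reviewed by hand before it is deleted or replaced.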
Secure User Accounts
If the user accounts are questionable or unknown, delete them.
Remove the malware warning
Request a re-review from whichever party blocked or flagged your website (your hosting company, Google, a web protection authority) to confirm that the security problems are resolved.
Securing the Hacked Website
Fixing a hacked website does not stop at cleaning it up and recovering files and databases from backup; the third and most important move is to ensure that your website will not be hacked again in the future.
Update and restore configuration and permissions
- Update all apps, the CMS, themes, plugins, etc. so you don't miss vital security patches.
- Ensure only one admin account exists, and that all other user roles are given the least privileges they need.
- Change all passwords and access credentials.
- Reinstall all plugins and extensions so no residual malware remains in them.
- Delete disabled plugins rather than leaving them installed.
Establish a good backup plan and set up backups
A good backup plan means a good defensive posture. Frequent, secure backups are essential for fast and safe recovery from a hacking incident.
Check all systems for malware
Any residual malware on your computers or systems will reinfect your website with ease, so search your machines thoroughly for malware.
Strengthen protection controls for your web applications
If you do not already have a robust, managed security solution such as AppTrana, make sure you adopt one to improve the security of your web applications. The solution must include:
- A smart, automated scanner for both regular and on-demand scanning.
- A robust, customisable and intuitive Web Application Firewall that protects your website from malicious actors.
- The expertise of professionals trained in defence.
Getting your website flagged as "malicious" by reputation engines such as Google can cause significant harm to your company. Recovery from being hacked is an effort-intensive and expensive process. Regardless of the size and scope of your company, you need to be vigilant about web application protection to avoid the negative impact of getting hacked. Hackers find and exploit vulnerabilities inside websites. That is why a proactive approach is required: consistently evaluate the risk and minimise it in a timely fashion.