According to a recent report in the New York Times, security experts claim that there are two groups of businesses in the U.S.: those that have been hacked and those that don’t realize they’ve been hacked. In last month’s post we covered five basic security measures that can help protect you from being a hacker’s next “low hanging fruit.” But what if you’ve already been hacked? What do you do? Join us as we look at how to tell whether you’ve been hacked, how it happens, and what steps to take to get your site working again.
How do you know if you’ve been hacked?
There are many ways you can find out that your website has been hacked. The most noticeable is when the hacker has actually defaced your website. You wake up one morning, open your browser, and, uh, look, your website’s gone. It has been replaced by a new page with a big sign saying “Hacked by” (fill in the blank). Or even worse, you are redirected to, hmmm, let’s call it an “unsavory” website. In those situations it is clear that you’ve been hacked.
However, hackers will also try to cover their tracks so that it is not evident that a site has been compromised. They would rather you not know about it, because they want to use your site to do their dirty work for as long as they can.
Here are some big signs that your website has been hacked:
- Your site has been defaced.
- Your website redirects to an ‘unsavory’ website, such as a website for porn or pharmaceuticals.
- You are informed by Google or Bing that your site has been compromised.
- Your Firefox or Chrome browser indicates that your site may be compromised.
- In your web logs, you find strange traffic, such as unexplained large traffic spikes, particularly from other countries.
How does it happen?
In a survey last year by StopBadWare and Commtouch, 63 percent of website owners indicated that they did not know how they were hacked. If your website has been compromised, it is important to understand how it happened in order to avoid another attack by the same hacker.
There are many, many ways that it is possible to hack a website. Here are some common ways in which hackers can take over your website:
- Guessing your password.
- Capturing your login credentials by using malware on your local computer.
- Finding a security flaw in the particular applications you happen to use (especially outdated software).
- Hacking the website of someone else who operates on the same shared server you use for your account.
Note: being hacked because of someone else’s site on the same server is a good reason to avoid cheap hosting providers. They do not always have the best security policies, and you may also have “bad neighbors” on the same server.
So, you’ve been hacked. What now? 5 important steps
Getting your website hacked is a big deal, and cleaning it up can be fairly complicated. Below are the high-level steps that you and/or your support team should take once you learn that you have been hacked.
1. Stay calm
First of all, keep cool. You can recover.
2. Call in your support team
If you don’t have staff with the right technical skills, calling in a support team would be your best choice. Ideally, this would be someone who has strong technical skills and who also knows the website and its setup. This could include your hosting company and/or your web developer.
It could be more difficult for web designers without programming and technical experience to assess the problem and address it. Professional web developers (e.g. programmers) should have the skills needed to evaluate and address the problem.
Several hosting companies will not perform the actual job of cleaning your website. But they can provide invaluable support, or they may have other clients that are facing the same problem.
3. Pull together the information your support team will need
You’ll need to get your information together for your team. Your developer/team will need access to:
- CMS Login: your content management system, with administrative/super admin rights
- Hosting Login: your hosting control panel, to view your servers and site logs
- Your Web logs: both the access logs and the error logs. Be sure that your hosting company generates the site logs. Most web hosts do, but a few hosting companies do not turn them on by default or do not provide access to them.
- FTP / sFTP access credentials: the hostname, username, and password should be included.
- Backups: any backups that you may have
You should consider storing this information together in a secure place that you can access easily, in case the need should ever arise.
4. Take your website offline
You can temporarily shut the site down while it is being assessed and fixed. You may be able to turn your site off temporarily from your hosting control panel. Or you may need to password protect the main directory where your website resides, to prevent visitors from accessing your site while the team is working on repairing it.
5. Scan your local computers for viruses and malware
You may want to scan your local computer(s) with your anti-virus program to ensure that they are not infected with malware, spyware, Trojans, etc. Be sure your anti-virus program is up-to-date before using it to scan your computer.
The Cleaning Process
Hopefully, the support team will be actively involved in diagnosing how the site was compromised and then working to clean up and rebuild the site. Here’s a sample of what they are going to do:
- Changing your passwords for logging in to the website, database, FTP, etc.
- Making a site backup and downloading it for review
- Examining log files and other data to establish how the website was compromised and when
- Examining the software and extensions used on the website and ensuring that they are up to date and do not have any known vulnerabilities
- Reviewing any custom software code (if applicable) for any apparent security vulnerabilities
- Cleaning up the site and getting it online again.
It is also important to understand how the site was hacked, if at all possible, so that it can be cleaned properly. I’ve seen a variety of websites that the same hacker infiltrated repeatedly before the right fixes were in place.
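As an added illustration (not part of the original article) of checking web logs for the unexplained traffic spikes mentioned earlier and of narrowing down when an incident began, the following script buckets access-log requests by hour and reports hours far above the typical level. It assumes the common/combined access log format; the sample lines, the /login path and the thresholds are constructed for the example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Leading fields of the common/combined log format (assumed):
# ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(lines):
    """Yield (ip, hour, status) per parseable line; skip malformed ones."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        yield ip, when.replace(minute=0, second=0), int(status)

def find_spikes(lines, factor=5, min_hits=20):
    """Return (hour, hits, client_errors, top_ips) for hours far above the median."""
    hits, errors, ips = Counter(), Counter(), defaultdict(Counter)
    for ip, hour, status in parse(lines):
        hits[hour] += 1
        errors[hour] += 400 <= status < 500   # counts 4xx responses
        ips[hour][ip] += 1
    if not hits:
        return []
    baseline = median(hits.values())
    return [(h, hits[h], errors[h], ips[h].most_common(3))
            for h in sorted(hits)
            if hits[h] >= min_hits and hits[h] > factor * baseline]

def sample_log():
    """Constructed sample: six quiet hours plus a burst of failed logins at 03:00."""
    fmt = '{ip} - - [12/Mar/2024:{h:02d}:{m:02d}:00 +0000] "{req} HTTP/1.1" {st} 512'
    lines = [fmt.format(ip=f"192.0.2.{m + 1}", h=h, m=m * 10, req="GET /", st=200)
             for h in range(6) for m in range(4)]
    lines += [fmt.format(ip="203.0.113.7", h=3, m=i, req="POST /login", st=401)
              for i in range(60)]
    return lines

if __name__ == "__main__":
    for hour, n, errs, top in find_spikes(sample_log()):
        print(hour.isoformat(), n, "requests,", errs, "4xx; top clients:", top)
```

The flagged hours and client addresses give the support team a starting point for reading the raw log entries around that time.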
It is no pleasure to have your website hacked. But you can recover from it. Remain calm and call in the right support team to fix it and get it running again. Although we’ve just skimmed the surface of the process necessary to clean the site, it can make a huge difference to have the correct support team in place.