So you are the new victim of nefarious hackers. I know that you are nervous and worried and that’s natural. But, be calm; this is not the end of the world. Hacking is quite common, and so is the recovery of hacked websites. You will be successful in getting your site recovered. But, here are a few critical steps to take if your website has been hacked.
Hacking has become a menace. Here are some harrowing statistics.
43% of cyber-attacks are aimed at small businesses. Every day 230,000 samples of malware are produced. A Clark School study at the University of Maryland revealed that there is a cyber-attack after every 39 seconds. The businesses have to pay a considerable cost for hacking and other cyber-crimes. A Juniper Research study has estimated that cybercrimes will cost businesses $2 trillion in 2019.
Why do hackers hack websites?
There are too many ulterior motives of hackers, who hack websites for many nefarious purposes. Some of these are as follows:
- To render a website useless or shut it down.
- To digitally steal your money, especially through banking Trojans and malicious lines of codes.
- Politically driven defacing of rivals websites. i.e., defacing a website belonging to a contestant in some election.
- Purely mischievous fun. e.g., school’s own students, attacking its website
- To exploit your identity for their own benefits. e.g., using your credit card by gaining access to login information or pins.
The mechanism of website hacking and the signs that show your website has been hacked.
How is a website hacked?
Hackers are always in search of vulnerabilities of sites to attack. They hack a site in different ways, which may include any of the following:
- They guess your passwords easily. Protection necessitates having secured passwords.
- They get your login details through malicious malware introduced to your computer.
- They hack some other website residing on the same server, that of your site.
- They find a security flaw/loophole in the software you use or maybe your firewall is outdated and vulnerable.
Signs of a hacked website.
If any of the following sign appears on your site/web page it is an indication that site has been hacked.
- Your website is redirected to another URL that in most cases is a pornographic website.
- A google alert appearing on the website which informs that the site has been hacked.
- You find new admin, database and FTP users which were not created by you.
- Spam advertisements and pop-ups on the website due to malicious codes.
- The site is no more accessible by Google.
- Your website has been defaced.
- Your browsers, Google Chrome or Firefox, give a warning that site is compromised.
Let’s now check out some of the remedial measures that can help you recover your website.
Inform your hosting service provider/web designer.
This step (inform your hosting service) is the foremost important step you need to take immediately after finding that you’re the victim of a hacking incident.
In most cases, web hosting companies can fix the problems because they are well equipped with the necessary expertise in dealing with such issues. If the hosting service lacks skilled human resource, you should consult your support team, which include your web developer or internal IT support (in case your company has one).
The support team must have programming skills and strong know-how of system security.
Run a full virus scan of your computers.
The hackers in their endeavor to hack some site mostly infect your computers with Trojans, malware, viruses, and spyware, etc. Use secure and trusted commercial antivirus software. I will recommend Norton, Bitdefender, or F-secure. The hackers tend to create backdoors that allow them to avoid regular authentications for getting access to a website.
Remember, inactive themes, and unused plug-ins are soft targets for creating hackable back doors.
Many renowned hosting services provide great help in scanning malware and malicious codes. WordPress, for instance, offers the best malware detecting and removing plug-ins like word fence security and Malware Security.
Assess the extent of the damage.
It is critical to know how severe was the attack and exactly how much damage has it caused.
By understanding its severity, you will be able to devise an appropriate strategy for fixing it up. Get the information in search console, where you may have received messages from Google in “message center” on spam and malware. Also, check the “security issues” segment of your webmaster tools that will provide you information about the type of hack your system has experienced.
Make an in-depth investigation for files or pages modified or new pages created with spams. Inspecting all threats can be easily checked by comparing with a backup (Understand why Good backups are critical).
Change all passwords.
Changing passwords is among the most critical early measures one has to take when his website is hacked. Just do it — change your passwords, even if you have to write them down. Do it. After a scan and clean up — reset all your passwords. Since hackers are keen about your passwords and email addresses, the reset passwords must be tricky and quite hard to guess. Change all user passwords along with passwords for FTP, database usernames, HTTP authentication, and usernames for databases.
It is also recommended that you change passwords on all sites where you have entered your financial and personal data. Try to set hard to crack passwords.
Shut your site down.
You should immediately shut down your website and take it offline for a temporary period. The action of taking your site down, even for a short period, is required in order to save your visitors and people who access your website from malicious malware and span files. Secondly, it will help your support team to service the site and fix the problem without being interrupted.
Clean your site.
Before starting any cleanup process, you should take a backup of your site because despite being hacked up it might contain much valuable information for you. You need to clean files and database hacks by checking that what has been changed or modified which should not have been.
Remove all the URLs created by hackers but take precaution and remove only those pages which you do not want, because the hackers might have damaged some good pages also which need not be deleted and can be restored to the original position with the help of back up.
Request a Google review.
Once you are done with all the steps mentioned above and have successfully restored the website, you must always request a Google review for unflagging your site as dangerous. You should go to the security issue report through search console and find the issues. Google will ask you information about what did you do to clean the site for each category of hacked spam. The review process may take several weeks because it may involve a manual investigation or a complete reprocessing of all the hacked pages. This wait, however, is worth its while and a review should not be avoided at any cost.
Getting your website hacked is a nightmare. You not only lose your confidential data but also suffer obstructed traffic and financial damage along with great inconvenience. Every threat and challenge, however, has many opportunities as well.
Prevention, as they say, is better than cure.
So there are many useful lessons you will learn from this unfortunate experience. Some of these include making sure that you deploy (use) powerful Antivirus software, a trusted firewall, and an efficient monitoring system to review changes. Last but not least, please — please — use a proper backup system.