Discovering that your website has been hacked is a miserable experience. What makes it even worse is that it forces you to ask yourself the horrible questions “Has Google blacklisted my site?”. The bad news is that there is a strong chance the answer to that question is “Yes”. The good news is that the situation is far from beyond redemption.
Has Google blacklisted my site?
There are several ways to answer the question “Has Google blacklisted my site?”. Possibly the most straightforward approach is to go to the Google Webmaster Tools page for your website, click on Security Issues, and see what URLs show up. Here is how to interpret what you might see.
example.com – the whole domain has been blocked, including its subdomains
blog.example.com – the whole blog has been blocked
blog.example.com/pages/ – everything below /pages has been blocked
blog.example.com/pages/page1.html – only this page has been blocked
Once you’ve established what has been blocked, you can then proceed to take action to resolve the issue.
Scan your site for malware
This part of the cleanup operation should be a fairly easy win because you can essentially leave it to an automated tool. While you’re scanning your website, it’s a good idea to scan your computers and mobile devices as well. You may find that a hacker compromised one of the devices you use to connect to your website and stole your account details. Unless you take steps to protect your internal computers and devices, a hacker may simply repeat the exercise and all the time you spend cleaning up will be wasted.
Once you have cleaned up any malware, change all relevant passwords
While your first instinct may be to rush off and change all passwords (and this isn’t bad), if you change them before your computers are clean, the hacker may simply steal your updated details, and then you’re back to square one.
Manually clean up your files and tables
This may be the most painful part of the clean-up job. If you have a really small and basic website, then you may just be able to purge everything and start again. Most people, however, will need to go through each infected page, one at a time, and clean it up thoroughly.
This is a delicate job because it involves the in-depth checking and manipulation of code in files and databases. If you accidentally delete “innocent” code, then you may cause problems with the website. If you accidentally leave “malicious” code, you may let the hacker back in and cause even more problems with the website.
In short, unless you’re totally confident that you know exactly what you’re doing, it’s highly recommended to call in a professional who does.
Check your user accounts
This is a really simple step, but it’s one that is easy to overlook when you’re preoccupied with the fact that Google has blacklisted your site. Check your administrator accounts. Make sure that you actively recognize all of them and double-check that all administrators can access their accounts with their correct passwords.
If you don’t recognize an account, delete it immediately. If it turns out you’ve made a mistake, you can always reactivate it. If any of your administrators can’t access their account with their usual password, delete the account and give them a completely new one, with a new password. Delete the account immediately but wait until the malware scans are complete before you create a new account for them.
Pro-tip, some CMSs will allow you to change the default login page. It’s advisable to do this if you can. You don’t have to change it too far from the default. Naming it something truly random may just confuse users. You do, however, want to make it at least slightly different to make life harder for hackers.
If they know the format of your usernames and can go straight to your login page, then they can try using brute-force techniques to break the password. This will, however, be somewhat harder for them if you limit the number of password attempts a user can make before they are blocked.
Request a review by Google and the blacklisting authorities
Once you’re happy that your systems are back in good running order, then submit your site to Google for a review. You’ll probably also need to submit it to other blacklisting authorities such as the antivirus companies. Then have a thorough learn and prevent session to avoid a repeat of this experience.
Please click here now to have your website scanned, for free, by cWatch from Comodo
